Secure password sharing for wireless networks

ABSTRACT

This application relates to a computing device that can be configured to implement a method for enabling a nearby computing device to access a wireless network by carrying out the techniques described herein. In particular, the method can include the steps of (1) receiving a request from the nearby computing device to access the wireless network, where the request includes user information associated with the nearby computing device, (2) presenting a notification associated with the request in response to determining, based on the user information, that the nearby computing device is recognized by the computing device, and (3) in response to receiving an approval for the nearby computing device to access the wireless network: providing, to the nearby computing device, a password for accessing the wireless network.

CROSS-REFERENCE TO RELATED APPLICATIONS

The present application is a continuation of U.S. patent application Ser. No. 15/721,133, entitled “SECURE PASSWORD SHARING FOR WIRELESS NETWORKS,” filed Sep. 29, 2017, which claims the benefit of U.S. Provisional Application No. 62/507,125, entitled “SECURE PASSWORD SHARING FOR WIRELESS NETWORKS,” filed May 16, 2017, the contents of all of which are incorporated by reference herein in their entirety for all purposes.

FIELD

The described embodiments relate generally to sharing wireless network passwords between computing devices. More particularly, the described embodiments involve enabling a computing device to share the password with a nearby computing device that is known to the computing device.

BACKGROUND

Conventional approaches for sharing wireless network passwords are prone to security issues. For example, a widespread approach for sharing a given password involves including the password within a communication to another person, e.g., an e-mail, a text message, or speaking the password directly to another person. This widespread approach is unfortunate, especially when considering that an unauthorized person in possession of the password can easily gain access to potentially sensitive data that is accessible via the wireless network (e.g., shared network drives). However, it is also undesirable to substantially increase the difficulty of sharing passwords in an attempt to thwart malicious users, e.g., implementing lengthy passwords that are difficult to enter, implementing frequently-changing passwords, and so on.

Accordingly, there exists a need for a more efficient and secure technique for sharing wireless network passwords between computing devices.

SUMMARY

To cure the foregoing deficiencies, the representative embodiments set forth herein disclose various techniques for enabling a computing device to share a wireless network password with a nearby computing device that is known to the computing device.

According to some embodiments, a computing device can be configured to implement a method for enabling a nearby computing device to access a wireless network by carrying out the techniques described herein. In particular, the method can include the steps of (1) receiving a request from the nearby computing device to access the wireless network, where the request includes user information associated with the nearby computing device, (2) presenting a notification associated with the request in response to determining, based on the user information, that the nearby computing device is recognized by the computing device, and (3) in response to receiving an approval for the nearby computing device to access the wireless network: providing, to the nearby computing device, a password for accessing the wireless network.

According to some embodiments, a computing device can be configured to implement another method for enabling a nearby computing device to access a wireless network by carrying out the techniques described herein. In particular, the method can include the steps of (1) receiving an encrypted request from the nearby computing device, where the encrypted request includes an indication that the nearby computing device is seeking to access the wireless network, (2) identifying a key for decrypting the encrypted request, (3) decrypting the encrypted request using the key to extract the indication, (4) displaying a notification in accordance with the indication, and (5) in response to receiving an approval for the nearby computing device to access the wireless network: providing, to the nearby computing device, a password for accessing the wireless network.

According to some embodiments, a computing device can be configured to implement another method for enabling a nearby computing device to access data items by carrying out the techniques described herein. In particular, the method can include the steps of (1) receiving an encrypted request from the nearby computing device, wherein the encrypted request includes an indication that the nearby computing device is seeking to access one or more data items that are accessible to the computing device, (2) identifying a key for decrypting the encrypted request, (3) decrypting the encrypted request using the key to extract the indication, (4) displaying a notification in accordance with the indication, and (5) in response to receiving an approval for the nearby computing device to access the one or more data items: providing, to the nearby computing device, the one or more data items.

Other embodiments include a non-transitory computer readable storage medium configured to store instructions that, when executed by a processor included in a computing device, cause the computing device to carry out the various steps of any of the foregoing methods. Further embodiments include a computing device that is configured to carry out the various steps of any of the foregoing methods.

Other aspects and advantages of the invention will become apparent from the following detailed description taken in conjunction with the accompanying drawings which illustrate, by way of example, the principles of the described embodiments.

BRIEF DESCRIPTION OF THE DRAWINGS

The disclosure will be readily understood by the following detailed description in conjunction with the accompanying drawings, wherein like reference numerals designate like structural elements.

FIG. 1 illustrates a block diagram of different computing devices that can be configured to implement different aspects of the various techniques described herein, according to some embodiments.

FIGS. 2A-2B illustrate conceptual diagrams of example computing devices that can be configured to service a request to access a wireless network, according to some embodiments.

FIG. 3 illustrates a method for servicing a request to access a wireless network, according to some embodiments.

FIG. 4 illustrates a method for enabling a computing device to issue a request to access a wireless network, according to some embodiments.

FIG. 5 illustrates a method for sharing a device key between different computing devices, according to some embodiments.

FIG. 6 illustrates a method for servicing a request to access a wireless network, according to some embodiments.

FIG. 7 illustrates a method for enabling a computing device to issue a request to access a wireless network, according to some embodiments.

FIG. 8 illustrates a method for servicing a request to share a password for a wireless network, according to some embodiments.

FIGS. 9A-9D illustrate conceptual diagrams of example user interfaces that can be configured to service a request to access a specific wireless network, according to some embodiments.

FIGS. 10A-10D illustrate conceptual diagrams of example user interfaces that can be configured to service a request to access any wireless network, according to some embodiments.

FIG. 11 illustrates a method for enabling a computing device to service a request to access a wireless hotspot, according to some embodiments.

FIG. 12 illustrates a method for enabling a computing device to access a secured resource, according to some embodiments.

FIG. 13 illustrates a method for servicing a request issued by a nearby computing device to access a wireless network by providing the nearby computing device with a temporary password, according to some embodiments.

FIG. 14 illustrates a method for enabling a wireless router to provide a computing device with access to a wireless network, according to some embodiments.

FIG. 15 illustrates a detailed view of a computing device that can be configured to implement the various techniques described herein, according to some embodiments.

DETAILED DESCRIPTION

Representative applications of methods and apparatus according to the present application are described in this section. These examples are being provided solely to add context and aid in the understanding of the described embodiments. It will thus be apparent to one skilled in the art that the described embodiments may be practiced without some or all of these specific details. In other instances, well known process steps have not been described in detail in order to avoid unnecessarily obscuring the described embodiments. Other applications are possible, such that the following examples should not be taken as limiting.

In the following detailed description, references are made to the accompanying drawings, which form a part of the description and in which are shown, by way of illustration, specific embodiments in accordance with the described embodiments. Although these embodiments are described in sufficient detail to enable one skilled in the art to practice the described embodiments, it is understood that these examples are not limiting; such that other embodiments may be used, and changes may be made without departing from the spirit and scope of the described embodiments.

The embodiments described herein set forth techniques for enabling a computing device to discover a nearby computing device that is known to the computing device by determining whether a pre-existing relationship exists between these two computing devices. Subsequently, when the computing device determines that the pre-existing relationship exists, the computing device can share, with the nearby computing device, one or more data items that are accessible to the computing device (e.g., managed by the computing device, stored at the computing device, stored at a cloud networking storage device, etc.). In some examples, the computing device can share a wireless network password with the nearby computing device. In other examples, the computing device can share media items (e.g., document files, picture files, music files, video files, website links, etc.) with the nearby computing device. Consider, for example, a scenario where the computing device receives a request from the nearby computing device to share a particular photo (e.g., Fiji surf trip, etc.) with a user of the nearby computing device. In response to determining that the pre-existing relationship exists between these two computing devices, the computing device can present a notification (in accordance with the request) to a user of the computing device to launch a photo application that has access to the particular photo. Subsequently, the user of the computing device can utilize the photo application to grant the nearby computing device access to the particular photo. Alternatively, if the computing device does not recognize the nearby computing device, the computing device can prevent the notification from being presented. Thus, the computing device can utilize the techniques as described in greater detail herein to provide an additional layer of security and privacy when sharing one or more data items with the nearby computing device.

According to some embodiments, in response to receiving a request from a nearby computing device to access a wireless network, a computing device (having access to the wireless network) can identify whether a pre-existing relationship exists between these two computing devices. In particular, prior to receiving the request, the computing device can initially establish communication with the nearby computing device. In some examples, the computing device can store user information associated with the nearby computing device and establish a contact card based on at least a subset of the user information for the nearby computing device. In other examples, subsequent to the computing device establishing an initial pairing with the nearby computing device, the computing device can receive access to a device key associated with the nearby computing device. In turn, the computing device can correlate the device key to a device identifier (ID) associated with the nearby computing device. In either case, in response to receiving the request from the nearby computing device, the computing device can access at least one of (1) the user information or (2) the correlated device key to identify whether these computing devices are known to each other. Thus, the computing device can prevent a user of the computing device from being bothered by unknown/irrelevant computing devices.

Next, the computing device can determine whether the request provided by the nearby computing device indicates a specific wireless network. According to some embodiments, the user of the computing device can suggest an available wireless network if the specific wireless network is not indicated in the request. In either case, the user of the computing device can determine whether to grant the nearby computing device access to the wireless network. Additionally, in conjunction with granting the nearby computing device access to the wireless network, the computing device can provide a password associated with the wireless network in a format that prevents the nearby computing device from sharing the password with another computing device. In this manner, the computing device can prevent an unauthorized person in possession of the password from gaining access to potentially sensitive data that is accessible via the wireless network.

A more detailed discussion of these techniques is set forth below and described in conjunction with FIGS. 1, 2A-2B, 3-8, 9A-D, 10A-D, and 11-15, which illustrate detailed diagrams of systems and methods that can be used to implement these techniques.

FIG. 1 illustrates a block diagram 100 of different computing devices that can be configured to implement various aspects of the techniques described herein, according to some embodiments. Specifically, FIG. 1 illustrates a high-level overview of a computing device 102-1 that is configured to communicate with and enable different computing devices 102 (e.g., 102-2 through 102-N) to access (at least one) wireless network 130. Although not illustrated in FIG. 1, it is understood that each of the computing devices 102 can include at least one processor, at least one memory, and at least one storage device that collectively enable these computing devices to operate in accordance with this disclosure. For example, in a given computing device 102, the at least one processor, in conjunction with the at least one memory, can load instructions that are stored in the at least one storage device into the at least one memory to enable the techniques described herein to be implemented. In particular, an operating system (OS) that includes a variety of applications/kernels can be executed by the at least one processor in order to implement the various techniques described herein.

For example, the OS can enable a sharing manager 110 to execute on the computing device 102-1. According to some embodiments, the sharing manager 110 can be configured to service requests received from the different computing devices 102 to obtain access to the wireless network 130. In particular, the sharing manager 110 can be configured to access various data structures (e.g., stored in the at least one memory/at least one storage device of the computing device 102-1) that enable the sharing manager 110 to determine whether to grant the different computing devices 102 access to the wireless network 130. For example, the data structures can include user information 120, contacts 122, a device identifier 123, a device key 124, paired device keys 126, and wireless network information 128, the purposes of which are described below in greater detail.

According to some embodiments, the sharing manager 110 can be configured to access user information 120 and contacts 122 when attempting to identify whether pre-existing relationships exist between the computing devices 102. For example, user information 120 can store data that is descriptive of a registered user of the computing device 102-1, and can take any form that enables the computing device 102-1 to be recognizable to other computing devices 102. According to some embodiments, the user information 120 can also be based on hardware/software properties associated with the computing device 102-1. For example, the user information 120 can be based on a phone number, a user ID associated with a single sign-on service (e.g., Apple ID), an e-mail account, a social network account, a social media account, a subscriber identity module (SIM) card, and so on, associated with the computing device 102-1. In some cases, when the computing device 102-1 establishes communication with other computing devices 102, the sharing manager 110 can provide the respective user information 120 for the computing device 102-1 to the other computing devices 102. In turn, when establishing communication with the other computing devices 102, the sharing manager 110 can also receive respective user information 120 associated with the other computing devices 102. In this manner, the computing devices 102 can mutually identify one another in conjunction with carrying out the techniques set forth herein.

According to some embodiments, when the computing device 102-1 stores user information 120 for a given computing device 102 (e.g., the different computing device 102-2), the sharing manager 110 of the computing device 102-1 can establish the different computing device 102-2 as a contact that is recognized or known by the sharing manager 110. This can involve, for example, establishing a contact card in the contacts 122 that is based on at least a subset of the user information 120 for the different computing device 102-2. The subset can include, for example, a first name, a last name, an alias, a physical address, a phone number, a photo, and so on, associated with the different computing device 102-2. As described in greater detail herein, storing user information 120 for the other computing devices 102 can enable the sharing manager 110 to appropriately respond to or ignore requests from the other computing devices 102 to access the wireless network 130.

For example, when the computing device 102-1 receives a request from an unknown computing device 102 to access the wireless network 130 (to which the computing device 102-1 has access), the sharing manager 110 can prevent presenting a notification of the request at a display of the computing device 102-1. In particular, the computing device 102-1 can choose to ignore the request upon identifying that the user information 120 associated with the unknown computing device 102 is not included in the contacts 122 managed by the computing device 102-1. This beneficially provides enhanced granularity in presenting only relevant notifications to a user of the computing device 102-1. Alternatively, when the computing device 102-1 receives a request from a known computing device 102 (e.g., a friend, a relative, a colleague, etc.) to access the wireless network 130, the sharing manager 110 can verify the known computing device 102 based on the user information 120 associated with the known computing device 102. Subsequently, the sharing manager 110 can present a notification that the known computing device 102 is requesting to access the wireless network 130.

Additionally, it is noted that the sharing manager 110 included in the computing device 102-1 can utilize the respective user information 120 and contacts 122 to avoid presenting information about irrelevant computing devices 102 that are seeking to access the wireless network 130. Consider, for example, when the computing device 102-1 receives a request from a different computing device 102-2 to access the wireless network 130, where the request includes the user information 120 associated with the different computing device 102-2. In this example, when the computing device 102-1 has not previously communicated with the different computing device 102-2, the sharing manager 110 of the computing device 102-1 can avoid presenting a notification at the computing device 102-1, thereby protecting the privacy of the different computing device 102-2. Accordingly, the sharing manager 110 can be configured to enforce particular restrictions and limits on the types of requests that are presented to a user of the computing device 102-1, thereby enhancing the overall user experience.

Accordingly, as described above, the sharing manager 110 can be configured to access the user information 120 and contacts 122 when servicing requests from the different computing devices 102 to obtain access to the wireless network 130. A more detailed description of this technique is provided below in conjunction with FIG. 2A. Notably, additional embodiments are described below that can provide additional security and enhancements when servicing requests from the different computing devices 102 to obtain access to the wireless network 130. In particular, the sharing manager 110 of the computing device 102-1 can be configured to utilize the device identifier 123, the device key 124, and the paired device keys 126 to identify whether pre-existing relationships exist between the computing devices 102.

According to some embodiments, the device identifier (ID) 123 for the computing device 102-1 can take any form that enables the computing device 102-1 to be recognizable to other computing devices 102. According to some embodiments, the device ID 123 can be based on hardware/software properties associated with the computing device 102-1. For example, the device ID 123 can be based on a phone number, a subscriber identity module (SIM) card, a manufacturer's serial number, and so on. Additionally, the device key 124 for the computing device 102-1 can take the form of an encryption key that is utilized by the computing device 102-1 to encrypt messages that are transmitted by the computing device 102-1 to the other computing devices 102.

According to some embodiments, respective device IDs 123/device keys 124 can be shared between two computing devices 102 via a cloud storage system or during an initial pairing (e.g., via Bluetooth, NFC, WiFi, etc.) to enable the two computing devices 102 to identify one another at a later time in a secure manner. In one example, the computing device 102-1 can store its respective device key 124 at the cloud storage system. Subsequently, the different computing device 102 can retrieve the device key 124 from the cloud storage system, and subsequently store the device key 124. In another example, when the computing device 102-1 initially communicates with a different computing device 102, the computing device 102-1 can provide its respective device ID 123 to the different computing device 102 for storage. Additionally, the computing device 102-1 can provide its respective device key 124 to the different computing device 102 for storage. In any event, when the different computing device 102 obtains access to the device key 124, the different computing device 102 can establish a note of a correlation between the device ID 123 and the device key 124 of the computing device 102-1. Similarly, the computing device 102-1 can receive (1) a respective device ID 123 for the different computing device 102, and (2) a respective device key 124 for the different computing device 102. In turn, the computing device 102-1 can establish a note of the correlation between the device ID 123 and the device key 124 of the different computing device 102-2.

According to some embodiments, the above-described correlations can be managed at each computing device 102 within the paired device keys 126. In particular, and as illustrated in FIG. 1, the paired device keys 126 for a given computing device 102, e.g., the computing device 102-1, can store an entry for each different computing device 102 with which the computing device 102-1 has previously established communication (e.g., paired with, stored a phone number, sent a text message, etc.). In this manner, the computing device 102-1 can receive an encrypted message from a different computing device 102, identify a device key 124 (within the paired device keys 126) that successfully decrypts the message, and then identify the device ID 123 that corresponds to the device key 124. Importantly, this approach enables the computing device 102-1 to effectively identify the different computing device 102-2 that transmits the encrypted message, while preventing other computing devices 102—specifically, those that have not previously established communication with the different computing device 102-2—from decrypting the encrypted message. A more detailed description of this technique is provided below.

Consider, for example, a scenario in which the computing device 102-1 receives an encrypted message from a different computing device 102, where the underlying content of the encrypted message indicates a request to obtain access to the wireless network 130 (to which the computing device 102-1 has access). In this example, the computing device 102-1 can attempt to decrypt the encrypted message using the different device keys 124 that are known to (i.e., previously stored by) the computing device 102-1. When the computing device 102-1 successfully identifies a device key 124 (e.g., an encryption key) for decrypting the encrypted message, the computing device 102-1 can also identify the device ID 123 that corresponds to the device key 124, and effectively identify details (based on the device ID 123) about the different computing device 102 that is transmitting the encrypted message (e.g., “Jennifer's iPhone”). Notably—and beneficially—the encrypted message transmitted by the different computing device 102 presumably cannot be decrypted by other computing devices 102 with which the different computing device 102 has not previously established communication (e.g., paired with, etc.), as those computing devices should not possess the device key 124 that is utilized by the different computing device 102 for encrypting messages. In this manner, the privacy of the different computing device 102 is enhanced as irrelevant/potentially malicious computing devices 102 are unable to immediately decrypt the encrypted message. A more detailed description of this technique is provided below in conjunction with FIG. 2B.
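The trial-decryption lookup over the paired device keys 126 described above, as an added example that is not code from the patent. The patent names no cipher, so the HMAC-SHA256 encrypt-then-MAC construction is a standard-library stand-in for a vetted AEAD such as AES-GCM; `SharingManager`, `seal`, `open_sealed`, the JSON request layout and the sample keys are all hypothetical.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: stdlib-only stand-in for a real cipher."""
    blocks = [
        hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        for i in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def seal(device_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the sender's device key (assumed construction)."""
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(device_key, nonce, len(plaintext))))
    tag = hmac.new(device_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_sealed(device_key: bytes, blob: bytes):
    """Return the plaintext, or None if this key does not authenticate the blob."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(device_key, b"mac" + nonce + ct, hashlib.sha256).digest()
    # "Successfully decrypts" has to mean "the tag verifies": without an
    # integrity check every key yields some plaintext and nothing is identified.
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(device_key, nonce, len(ct))))


class SharingManager:
    """Hypothetical model of the receiving device (102-1 in the text)."""

    def __init__(self):
        self.paired_device_keys = {}  # device ID 123 -> device key 124

    def pair(self, device_id: str, device_key: bytes) -> None:
        self.paired_device_keys[device_id] = device_key

    def identify_sender(self, blob: bytes):
        """Try each stored key; cost is linear in the number of paired devices."""
        for device_id, device_key in self.paired_device_keys.items():
            plaintext = open_sealed(device_key, blob)
            if plaintext is None:
                continue
            try:
                request = json.loads(plaintext)
            except ValueError:
                return None  # authenticated but malformed: drop it
            return (device_id, request) if isinstance(request, dict) else None
        return None

    def notification_for(self, blob: bytes):
        """Text to show the user, or None when the request must stay silent."""
        match = self.identify_sender(blob)
        if match is None:
            return None  # unknown or tampered sender: no prompt is shown
        device_id, request = match
        ssid = request.get("ssid")
        target = f'"{ssid}"' if ssid else "a Wi-Fi network"
        return f"{device_id} wants to join {target}"


# Constructed sample keys and requests (not from the patent).
JENNIFER_KEY = hashlib.sha256(b"constructed key: Jennifer's iPhone").digest()
OFFICE_KEY = hashlib.sha256(b"constructed key: Office iPad").digest()
STRANGER_KEY = hashlib.sha256(b"constructed key: never paired").digest()


def build_manager() -> SharingManager:
    manager = SharingManager()
    manager.pair("Office iPad", OFFICE_KEY)
    manager.pair("Jennifer's iPhone", JENNIFER_KEY)
    return manager


def make_request(device_key: bytes, ssid=None) -> bytes:
    return seal(device_key, json.dumps({"type": "wifi-access", "ssid": ssid}).encode())


if __name__ == "__main__":
    mgr = build_manager()
    print(mgr.notification_for(make_request(JENNIFER_KEY, "HomeNet")))
    print(mgr.notification_for(make_request(JENNIFER_KEY)))
    print(mgr.notification_for(make_request(STRANGER_KEY, "HomeNet")))
```

A request sealed under a key that was never paired, or one altered in transit, fails tag verification against every stored key, so the receiver shows no prompt.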

As previously described herein, the computing devices 102 can be configured to share WiFi information—illustrated in FIG. 1 as authentication credentials 136—with one another under appropriate scenarios. According to some embodiments, the authentication credentials 136 can represent an SSID associated with a wireless network 130, as well as a password, a passcode, a passphrase, a hexadecimal string, etc., that can be used to authenticate with and gain access to the wireless network 130. According to some embodiments, sharing authentication credentials 136 between computing devices 102 can involve, for example, a different computing device 102-2 issuing a request to a computing device 102-1 to access a specific wireless network 130 (to which the computing device 102-1 has access). Alternatively, the different computing device 102-2 can issue a request to the computing device 102-1 for a recommendation on an appropriate WiFi network 130 to access. In either case, the computing device 102-1 can access the authentication credentials 136 for a wireless network 130 within its respective wireless network information 128, and provide the authentication credentials 136 to the different computing device 102-2. In turn, the different computing device 102-2 can store the authentication credentials 136 within its respective wireless network information 128, and utilize the authentication credentials 136 to access the WiFi network 130.

According to some embodiments, the wireless network information 128 of the computing device 102-1 can indicate an active wireless network 134 that is currently being accessed by the computing device 102-1. For example, the sharing manager 110 can differentiate between the active wireless network 134 and other wireless networks 130 that the computing device 102-1 is capable of accessing. According to some embodiments, the sharing manager 110 can determine whether a specific wireless network 130 requested by the different computing device 102-2 is active. For example, when the specific wireless network 130 requested by the different computing device 102-2 is inactive, the sharing manager 110 can refer to the active wireless network 134 to suggest an alternative wireless network 130 that the different computing device 102-2 should access. In another example, when there are multiple available wireless networks 130 known to the sharing manager 110, the sharing manager 110 can recommend the different computing device 102-2 to access the available wireless network 130 having the strongest signal strength. In yet another example, where the request from the different computing device 102-2 does not indicate a specific wireless network 130, the sharing manager 110 can suggest that the different computing device 102-2 access the active wireless network 134 (to which the computing device 102-1 is presently connected) or an alternative wireless network 130. Additionally, the sharing manager 110 can suggest a wireless network 130 from among several available wireless networks 130 according to several wireless network factors, such as signal strength, usage statistics, usage frequency, bandwidth, and so on. Subsequently, the sharing manager 110 can provide the different computing device 102-2 with the appropriate authentication credentials 136 to enable access to the active wireless network 134 or the alternative wireless network 130.

According to some embodiments, in conjunction with providing the password to the different computing device 102-2, a user of the computing device 102-1 can stipulate a temporal limit in which the password will remain valid on the different computing device 102-2. In particular, the computing device 102-1 can bundle the password with a bit flag (e.g., temporal limit indication) in an encrypted message that is provided to the different computing device 102-2. For example, the temporal limit indication can stipulate that the password will remain valid on the different computing device 102-2 for a period of only 24 hours. In this manner, after the period of 24 hours lapses, the temporal limit indication can provide an instruction that causes the password to be rendered invalid/deleted, thereby preventing the different computing device 102-2 from being able to continue to access the wireless network 130.

According to some embodiments, the computing device 102-1 can prevent the different computing device 102-2 from sharing received authentication credentials 136 with other computing devices 102. For example, the authentication credentials 136 can be stored in a format within the wireless network information 128 that prevents the different computing device 102-2 from sharing the authentication credentials 136. To implement the aforementioned security techniques, the authentication credentials 136 can be shared with other computing devices 102 in a pre-shared key (PSK) format, as described in greater detail below in conjunction with FIG. 8.

Additionally, and according to some embodiments, the wireless network 130 can include security protocols such as Wi-Fi Protected Access (WPA), Wi-Fi Protected Access II (WPA2), Wired Equivalent Privacy (WEP), Enterprise Server Networks, Extensible Authentication Protocol (EAP), and so on. Although not illustrated in FIG. 1, the computing device 102 can include various hardware components, e.g., one or more wireless communications components. In particular, the wireless communications components can include at least one of a wireless local area network (Wi-Fi) component, a global positioning system (GPS) component, a cellular component, an NFC component, an Ethernet component, or a Bluetooth component. According to some embodiments, data can be transmitted between the computing devices 102 using any wireless communications protocol implemented by the wireless communications components. It will be understood that the various computing devices 102 can include hardware/software elements that enable the computing devices 102 to implement the techniques described herein at varying levels.

According to some embodiments, the sharing manager 110 of a computing device 102 can communicate with the wireless communications components to both issue requests and service requests received from different computing devices 102. According to some embodiments, the wireless communications components can specify a requisite signal strength threshold to be satisfied in order to establish a proximity requirement for the computing devices 102 to communicate with one another. For example, the requisite signal strength threshold can be associated with a fixed and/or an adjustable Received Signal Strength Indication (RSSI) level. In response to determining that the signal strength of the request satisfies the RSSI level, the wireless communications components can indicate to the sharing manager 110 that a request is received from a different computing device 102. By monitoring the signal strength of the request, the computing device 102 can provide enhanced granularity in presenting relevant notifications at the computing device 102 that satisfy the RSSI level. This beneficially prevents other computing devices 102 that are not near the computing device 102 from burdening users with unwanted or irrelevant requests. Thus, the techniques described herein can provide an additional layer of security and privacy to increase the overall user experience. Accordingly, FIG. 1 sets forth an overview of different components/entities that can be included in the computing devices 102 to enable the embodiments described herein to be properly implemented.

FIGS. 2A-2B illustrate conceptual diagrams of a computing device 102-1 servicing a request to access a wireless network 130, according to some embodiments. Specifically, FIG. 2A illustrates a conceptual diagram 202 of an example scenario in which a different computing device 102-2 requests to access a wireless network 130 through the utilization of user information 120 that is stored by the computing device 102-1, as previously described herein. In this scenario, the computing device 102-1 is communicatively coupled to the wireless network 130 (to which the different computing device 102-2 seeks access).

According to some embodiments, the steps 210, 220, 230, and 240 illustrated in the conceptual diagram of FIG. 2A can be preceded by the computing device 102-1 storing user information 120 associated with the different computing device 102-2. For example, as part of establishing communication (e.g., sending a text message, sending an e-mail, etc.) between these two computing devices 102, each of the computing devices 102-1,2 can provide the other with user information 120. In turn, each of the computing devices 102-1,2 can store the user information 120 and establish a contact card in its contacts 122 that is based on at least a subset (e.g., a first name, a photo, etc.) of the user information 120.

Additionally, subsequent to storing user information 120 associated with the different computing device 102-2, the computing device 102-1 can generate a unique hash value for the user information 120 that is stored in the computing device 102-1. In particular, the computing device 102-1 can utilize a hash algorithm (to which the different computing device 102-2 also has access) to generate the unique hash value for the user information 120. In turn, the computing device 102-1 can make note of the correlation between the unique hash value and the user information 120. For example, subsequent to correlating the unique hash value to the user information 120, the computing device 102-1 can establish a hash table to provide an index between the correlated unique hash value and the user information 120. According to some examples, so long as the user information 120 associated with the computing device 102 remains static (i.e., unchanged) then the unique hash value for the user information 120 also remains fixed. However, in other examples, the unique hash value for the user information 120 can also continually rotate (i.e., altering).

Additionally, the computing device 102-1 can utilize the hash table to establish a data cache. In this manner, when the computing device 102-1 receives a hashed message from the different computing device 102-2, the computing device 102-1 can access the data cache (instead of re-computing the unique hash values for each of the stored user information 120) to identify the hashed message as being provided by a known computing device 102 (e.g., a friend, a relative, a colleague, etc.). Notably, and beneficially, the data cache can significantly increase the processing speed in which the computing device 102-1 identifies the different computing device 102-2 that provided the hashed message.

As illustrated in FIG. 2A, a first step 210 can involve the computing device 102-1 receiving, from the different computing device 102-2, a hashed message 284 that includes a payload 242. Although not illustrated in FIG. 2A, it is noted that other (e.g., nearby) computing devices 102 can also be configured to receive the hashed message 284 from the different computing device 102-2. In one example, the wireless components of the computing devices 102 can specify a RSSI level that is required to be satisfied in order for the computing device 102 to process the hashed message 284.

According to some embodiments, the payload 242 can include user information 120 associated with the different computing device 102-2. As previously described herein, the computing device 102-1 and the different computing device 102-2 have access to the same hashing algorithm. Accordingly, the different computing device 102-2 can utilize the hashing algorithm to generate a unique hash value of the user information 120. In some examples, the hashing algorithm utilizes short hashes (e.g., 2 characters, etc.). In turn, the computing device 102-1 can be configured to utilize the same hashing algorithm to identify the user information 120 of the different computing device 102-2, as described in greater detail herein.

According to some embodiments, the payload 242 can further include an indication that the different computing device 102-2 is seeking to access a wireless network 130. In particular, the different computing device 102-2 can seek to access (1) a specific wireless network 130, or (2) any wireless network 130 (e.g., a wireless network 130 recommended by the computing device 102-1) that might be available. When the different computing device 102-2 seeks to access the specific wireless network 130, the payload 242 can specify a unique wireless network identifier 254 (e.g., an SSID, etc.) associated with the specific wireless network 130. Alternatively, when the different computing device 102-2 seeks to access any wireless network 130, then the unique wireless network identifier 254 can take on a particular value to indicate that a recommendation for a wireless network 130 is being requested, e.g., a null value.

In the instance that the payload 242 specifies a unique wireless network identifier 254 associated with the specific wireless network 130, the different computing device 102-2 can utilize the same hashing algorithm (to which the computing device 102-1 has access) to generate a unique hash value for the unique wireless network identifier 254 to be included in the payload 242. Notably, should the computing device 102-1 have access to the specific wireless network 130, the computing device 102-1 can be configured to verify that the unique hash value for the SSID (provided by the different computing device 102-2) corresponds to a unique hash value for the SSID (associated with the specific wireless network 130 that is stored in the wireless network information 128), as will be described in greater detail herein.

According to some examples, each of the user information 120 and the unique wireless network identifier 254 can be individually hashed by the different computing device 102-2. In some examples, the user information 120 and the unique wireless network identifier 254 can be provided in a single hashed message or provided in separate hashed messages.

As illustrated in FIG. 2A, a second step 220 can involve the computing device 102-1 establishing a secure communication link 224 (e.g., Transport Layer Security (TLS) protocol) with the different computing device 102-2 in response to identifying that a pre-existing relationship exists between these two computing devices 102-1,2. In conjunction with a process for identifying whether the pre-existing relationship exists, the computing device 102-1 can compare (e.g., via a hash table, a data cache, etc.) the unique hash value for the user information 120 (included in the payload 242) to a unique hash value for the user information 120 stored in the computing device 102-1. In response to determining that the unique hash values correspond to each other, the computing device 102-1 can correlate the unique hash value to the user information 120 of a known computing device 102. Accordingly, the computing device 102-1 can determine the identity of the known computing device 102.

Returning back to establishing the secure communication link 224, the computing device 102-1 can share a symmetric key with the different computing device 102-2 in conjunction with establishing the secure communication link 224. In turn, the symmetric key can be utilized to encrypt/decrypt messages transmitted between these two computing devices 102-1,2 via the secure communication link 224.

As illustrated in FIG. 2A, a third step 230 can involve the computing device 102-1 providing the authentication credentials 136 associated with the wireless network 130 to the different computing device 102-2. According to some embodiments, the computing device 102-1 can extract the unique wireless network identifier 254 to determine whether the different computing device 102-2 is seeking to access (1) a specific wireless network 130, or (2) any wireless network 130 that might be available. In particular, identifying the SSID associated with the specific wireless network 130 requested by the different computing device 102-2 can involve performing a hash value comparison on the unique wireless network identifier 254 (e.g., SSID) included in the payload 242 to the SSID stored in the authentication credentials 136. Subsequent to identifying the SSID requested, the computing device 102-1 can present a notification (in accordance with the indication) to a user of the computing device 102-1. For example, when the unique wireless network identifier 254 indicates a specific wireless network 130, the notification can request the user to grant the different computing device 102-2 access to the specific wireless network 130. In another example, when the unique wireless network identifier 254 does not indicate a specific wireless network 130, the notification can request the user to select from available wireless networks 130 to which the computing device 102-2 should connect. In either case, in response to receiving an approval from the user to grant the different computing device 102-2 access to a wireless network 130, the computing device 102-1 can access the authentication credentials 136 for the wireless network 130 (within its respective wireless network information 128), and provide the authentication credentials 136 to the different computing device 102-2 in a payload 244.

According to some embodiments, subsequent to establishing the secure communication link 224, but prior to providing the authentication credentials 136 in the payload 244, the different computing device 102-2 can provide a larger hash value (e.g., 32 characters) of its user information 120 to the computing device 102-1 that can be more difficult for an unknown computing device to fabricate than a shorter hash value. Beneficially, in this manner, by requiring that the different computing device 102-2 provide the larger hash value of its user information 120, the computing device 102-1 can ensure that the different computing device 102-2 is indeed known or recognizable to the computing device 102-1. In contrast, the user information 120 hashed using the shorter hash value that was included in the payload 242 may be preferential in enabling the different computing device 102-2 to process the hashed message 284 more quickly.

According to some embodiments, the computing device 102-1 can establish an encrypted message 292 using the symmetric key shared between these two computing devices 102-1,2. In particular, the encrypted message 292 can include the payload 244. In some examples, the payload 244 can also include additional information 138 that can facilitate in enabling the different computing device 102-2 to access the specific wireless network 130 that the computing device 102-1 has access to. For example, the additional information 138 can indicate the specific wireless channel that the computing device 102-1 has access to. In turn, the different computing device 102-2 can obtain the authentication credentials 136 by decrypting the encrypted message 292 using the symmetric key.

As illustrated in step 240 of FIG. 2A, the different computing device 102-2 can utilize the authentication credentials 136 to access the specific wireless network 130.
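The hash table and data cache lookup on the short hash, followed by the larger-hash confirmation described for FIG. 2A, can be sketched as follows. This is an added example, not code from the application: SHA-256, hexadecimal truncation, the class and function names, and the sample contacts are all assumptions.

```python
import hashlib
import hmac

SHORT_LEN = 2    # short hash length quoted in the text ("2 characters"); hex is assumed
LONG_LEN = 32    # larger hash length quoted in the text ("32 characters")


def user_hash(user_info: str, length: int) -> str:
    """Truncated hex digest of normalized user information (SHA-256 is assumed)."""
    normalized = user_info.strip().lower().encode("utf-8")
    return hashlib.sha256(normalized).hexdigest()[:length]


class ContactCache:
    """Hash table from short hash to stored contacts, computed once and reused."""

    def __init__(self, contacts):
        self.buckets = {}
        for contact in contacts:
            key = user_hash(contact, SHORT_LEN)
            self.buckets.setdefault(key, []).append(contact)

    def candidates(self, short_hash):
        """Step 210: cheap cache lookup; several contacts may share a short hash."""
        return list(self.buckets.get(short_hash, []))

    def confirm(self, short_hash, long_hash):
        """After the secure link is up: accept only an exact larger-hash match."""
        for contact in self.candidates(short_hash):
            if hmac.compare_digest(user_hash(contact, LONG_LEN), long_hash):
                return contact
        return None

    def blind_match_rate(self):
        """Chance that an arbitrary short hash lands in an occupied bucket."""
        return len(self.buckets) / 16 ** SHORT_LEN


def find_colliding_stranger(cache, contact):
    """Construct an identifier outside the contacts whose short hash collides."""
    target = user_hash(contact, SHORT_LEN)
    known = {c for bucket in cache.buckets.values() for c in bucket}
    for i in range(100_000):
        candidate = f"stranger-{i}@example.invalid"
        if candidate not in known and user_hash(candidate, SHORT_LEN) == target:
            return candidate
    raise RuntimeError("no collision found in the search range")


if __name__ == "__main__":
    # Constructed sample contacts; not taken from the application.
    contacts = ["alice@example.invalid", "bob@example.invalid", "carol@example.invalid"]
    cache = ContactCache(contacts)
    short = user_hash(contacts[0], SHORT_LEN)
    stranger = find_colliding_stranger(cache, contacts[0])

    print("short-hash candidates:", cache.candidates(short))
    print("known device confirmed:", cache.confirm(short, user_hash(contacts[0], LONG_LEN)))
    print("colliding stranger confirmed:", cache.confirm(short, user_hash(stranger, LONG_LEN)))
    print("blind match rate on short hash:", cache.blind_match_rate())
```

With only 256 possible two-character hex values, the short hash works as a fast pre-filter, and the larger hash is what actually gates the release of the credentials.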

Specifically, FIG. 2B illustrates a conceptual diagram 204 of an example scenario in which a different computing device 102-2 requests to access a wireless network 130 through utilization of a device key 124 that is shared between the computing device 102-1 and the different computing device 102-2, as previously described herein. In this scenario, the computing device 102-1 is communicatively coupled to the wireless network 130 (to which the different computing device 102-2 seeks access).

According to some embodiments, the steps 260, 270, 280, and 290 illustrated in the conceptual diagram 204 can be preceded by the computing device 102-1 receiving access to a device key 124 associated with the different computing device 102-2 to enable the two computing devices 102 to identify one another at a later time in a secure manner. In particular, the computing devices 102-1,2 can establish bi-directional correlation of their respective device keys 124. In one example, in conjunction with an initial pairing process (e.g., Bluetooth, etc.), each of the computing devices 102-1,2 can provide the other with (1) a respective ID 123, and (2) a respective device key 124 (e.g., an encryption key). In another example, each of the computing devices 102-1,2 can provide the other with the respective device key 124 in conjunction with having established prior communication between each other (e.g., e-mail message, phone call, etc.). In particular, a cloud storage system can be utilized to provide each other device with access to the respective device key 124. In turn, each of the computing devices 102-1,2 can make note of the correlation between the respective device key 124 and the respective device ID 123. In this manner, and as described in greater detail herein, when the computing device 102-1 receives an encrypted message (including the device ID 123) from the different computing device 102-2, the computing device 102-1 can identify the device key 124 for decrypting the encrypted message. In turn, the computing device 102-1 can correlate the device key 124 to the device ID 123, thereby enabling the computing device 102-1 to identify the different computing device 102-2 in a secure manner. Additionally, the correlation between the respective device key 124 and the respective device ID 123 can also be single-direction. For example, when the computing device 102-1 receives the respective ID 123 and respective device key 124 associated with the different computing device 102-2, the computing device 102-1 can make note of this correlation, but it does not provide its respective ID 123 and respective device key 124 to the different computing device 102-2. Beneficially, this imparts an additional layer of privacy for the computing device 102-1 that afterwards grants the different computing device 102-2 access to a specific wireless network 130. Additionally, an additional layer of privacy can be imparted by enabling these computing devices 102-1,2 to rotate their respective device keys 124 so that their respective device keys 124 are not fixed to their respective device ID 123. In this manner, users of computing devices 102 who have not maintained communication with each other (e.g., e-mail, text message, phone call, etc.) over a predetermined period of time may not be in possession of the most current device key 124 that is associated with the respective computing device 102.

As illustrated in FIG. 2B, a first step 260 can involve the computing device 102-1 receiving, from the different computing device 102-2, an encrypted message 294 that includes a payload 262. According to some embodiments, the encrypted message 294 can be established using the device key 124 (e.g., encryption key) that is accessible to the different computing device 102-2. In particular, the payload 262 can include the device ID 123 associated with the different computing device 102-2. In some examples, the device ID 123 can be periodically updated to inform other computing devices 102 with which the different computing device 102-2 is associated. For example, the different computing device 102-2 can update the device ID 123 (e.g., randomly generate a value for the device ID 123) and provide the updated device ID 123 to a cloud service to which the different computing device 102-2 and the other computing devices 102 are communicably coupled. In turn, the cloud service can distribute the updated device ID 123 to the other computing devices 102. Using this approach, the other computing devices 102 can remain capable of identifying the different computing device 102-2 by utilizing the updated device ID 123 (as well as the device key 124). In this manner, the overall security can be enhanced as malicious/unrelated computing devices 102 who are in possession of the device ID 123 will be unable to identify the different computing device 102-2 when the device ID 123 is updated (and presumably not provided to the malicious computing devices 102).

According to some embodiments, the payload 262 can further include a unique wireless network identifier 254 (e.g., an SSID, etc.) associated with a specific wireless network 130. For example, when the computing device 102-2 seeks to access the specific wireless network 130, the payload 262 can indicate a unique wireless network identifier 254 (e.g., an SSID) associated with the specific wireless network 130. Alternatively, when the different computing device 102-2 seeks to access any wireless network 130, then the unique wireless network identifier 254 can take on a particular value to indicate that a recommendation for a wireless network 130 is being requested, e.g., a null value. According to some embodiments, each of the user information 120 and the unique wireless network identifier 254 can be transmitted in a single encrypted message or sent in separate encrypted messages.

As illustrated in FIG. 2B, a second step 270 can involve the computing device 102-1 establishing a secure communication link 272 (e.g., Transport Layer Security (TLS) protocol) with the different computing device 102-2. In establishing the secure communication link 272, the computing device 102-1 can share a symmetric key with the different computing device 102-2 in conjunction with establishing a secured session for the secure communication link 272. According to some embodiments, the secure communication link 272 can be established subsequent to identifying that a pre-existing relationship exists between these two computing devices 102-1,2. In conjunction with a process for identifying whether the pre-existing relationship exists, the computing device 102-1 can attempt to decrypt the contents of the encrypted message 294 using the different device keys 124 that are known to (i.e., previously stored by) the computing device 102-1. When the computing device 102-1 successfully identifies a device key 124 for decrypting the encrypted message 294, the computing device 102-1 can identify the device ID 123, and effectively identify details (e.g., based on the device ID 123) about the different computing device 102-2.

As illustrated in FIG. 2B, a third step 280 can involve the computing device 102-1 providing the authentication credentials 136 associated with the wireless network 130 to the different computing device 102-2. Subsequent to decrypting the encrypted message 294, the computing device 102-1 can extract the unique wireless network identifier 254 to determine whether the different computing device 102-2 indicates that it is seeking to access (1) a specific wireless network 130, or (2) any wireless network 130 that might be available. In turn, the sharing manager 110 of the computing device 102-1 can present a notification (in accordance with the indication) to a user of the computing device 102-1. For example, when the unique wireless network identifier 254 indicates a specific wireless network 130, the notification can request the user to grant the different computing device 102-2 access to the specific wireless network 130. In another example, when the unique wireless network identifier 254 does not indicate a specific wireless network 130, the notification can request the user to select from available wireless networks 130 to which the computing device 102-2 should connect.

In either case, in response to receiving an approval from the user to grant the different computing device 102-2 access to a wireless network 130, the computing device 102-1 can access the authentication credentials 136 for the wireless network 130 (within its respective wireless network information 128), and provide the authentication credentials 136 to the different computing device 102-2 in a payload 264 that is included in an encrypted message 296. According to some embodiments, the encrypted message 296 can be established using the symmetric key shared between these two computing devices 102-1,2 in conjunction with establishing the secure communication link 272. Next, the computing device 102-1 can establish the encrypted message 296 using the symmetric key shared between these two computing devices 102-1,2. In turn, the different computing device 102-2 can obtain the authentication credentials 136 by decrypting the encrypted message 296 using the symmetric key.

As illustrated in step 290 of FIG. 2B, the different computing device 102-2 can utilize the authentication credentials 136 to access the specific wireless network 130.
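The sender identification in steps 260 and 270 of FIG. 2B, where the receiving device tries each stored device key 124 until one decrypts the encrypted message 294, can be sketched as follows. This is an added example, not code from the application: the HMAC-based encrypt-then-MAC construction is a standard-library stand-in for an authenticated cipher such as AES-GCM, and the JSON payload layout, the function names, and the check that the decrypted device ID matches the ID stored with the key are assumptions.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32


def subkey(device_key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from one device key."""
    return hmac.new(device_key, label, hashlib.sha256).digest()


def keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode (stand-in for a real stream cipher)."""
    blocks = [
        hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        for counter in range((length + 31) // 32)
    ]
    return b"".join(blocks)[:length]


def seal(device_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag."""
    nonce = os.urandom(NONCE_LEN)
    stream = keystream(subkey(device_key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(subkey(device_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(device_key: bytes, blob: bytes):
    """Return the plaintext, or None when the tag does not verify under this key."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(subkey(device_key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    stream = keystream(subkey(device_key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def build_request(device_id: str, device_key: bytes, ssid=None) -> bytes:
    """Requesting side: payload 262 with device ID and SSID (None = any network)."""
    payload = {"device_id": device_id, "ssid": ssid}
    return seal(device_key, json.dumps(payload).encode("utf-8"))


def identify_sender(blob: bytes, paired_device_keys: dict):
    """Receiving side: trial decryption over the stored device keys."""
    for stored_id, device_key in paired_device_keys.items():
        plaintext = unseal(device_key, blob)
        if plaintext is None:
            continue  # wrong key or tampered message: try the next stored key
        payload = json.loads(plaintext)
        # Assumed check: the ID inside the payload must be the one correlated
        # with the key that decrypted it; otherwise treat the sender as unknown.
        if payload.get("device_id") != stored_id:
            return None
        ssid = payload.get("ssid")
        return {"device_id": stored_id, "ssid": ssid, "wants_recommendation": ssid is None}
    return None  # no stored key fits: present no notification


if __name__ == "__main__":
    # Constructed sample keys and IDs; not taken from the application.
    paired = {"dev-A": os.urandom(32), "dev-B": os.urandom(32)}
    print(identify_sender(build_request("dev-B", paired["dev-B"], "HomeNet"), paired))
    print(identify_sender(build_request("dev-X", os.urandom(32), "HomeNet"), paired))
```

Because the tag is verified before any parsing, a message sealed under an unknown or outdated device key is indistinguishable from noise to the receiver, which is what makes rotating the device key 124 effective at dropping stale contacts.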

FIG. 3 illustrates a method 300 for servicing a request issued by a nearby computing device to access a wireless network, according to some embodiments. As illustrated in FIG. 3, the method 300 begins at step 302, where the computing device (e.g., a computing device 102-1) receives a request from a nearby computing device (e.g., a nearby computing device 102-2) to access a wireless network 130, where the request includes user information 120 associated with the nearby computing device 102-2. This can occur, for example, subsequent to the computing device 102-1 storing user information 120 for the nearby computing device 102-2 as a result of communications between these two computing devices 102.

At step 304, the computing device 102-1 can determine whether a signal strength associated with the request satisfies a signal threshold. As previously described herein, the sharing manager 110 of the computing device 102-1 can interface with the wireless communications components to determine whether the signal strength of the request satisfies a requisite RSSI level to process the request. If the computing device 102-1 determines that the signal strength associated with the request does not satisfy the signal threshold, then the computing device 102-1 can prevent any notification associated with the request from being presented to a user of the computing device 102-1, as indicated by step 306. This can beneficially prevent the user of the computing device 102-1 from being bothered by unknown/irrelevant computing devices 102.

Alternatively, in response to the computing device 102-1 determining that the signal strength of the request satisfies the requisite RSSI level, the computing device 102 can determine whether the user information 120 included in the request is recognized by the computing device 102-1, as indicated by step 308. In particular, the computing device 102-1 can identify whether a pre-existing relationship exists with the nearby computing device 102-2 by comparing the user information 120 included in the request to the contacts 122 managed by the computing device 102-1. Upon determining that the user information 120 is not included in the contacts 122, the computing device 102-1 can prevent any notification associated with the request from being presented to a user of the computing device 102-1, as indicated by step 306.

Otherwise, when the computing device 102-1 determines that the user information 120 is included in its contacts 122, the computing device 102-1 can determine, at step 310, whether the request indicates a specific wireless network 130 that the nearby computing device 102-2 seeks to access. As previously described above with reference to FIGS. 2A-2B, the nearby computing device 102 can specify a specific wireless network 130 using, for example, an SSID for the specific wireless network 130. At step 312, in response to determining that the request indicates the specific wireless network 130, the computing device 102-1 can present a notification to inquire about whether the user of the computing device 102-1 approves of granting the nearby computing device 102-2 access to the specific wireless network 130. In one example, the notification presented to the user can include a contact card that is based on at least a subset of the user information 120 for the nearby computing device 102-2. In this manner, the notification can include, for example, a first name, a photo, etc., to inform the user of an identity of the nearby computing device 102-2 (and the user who presumably is operating it).

At step 314, the computing device 102-1 can receive an approval from the user to enable the nearby computing device 102-2 to access the specific wireless network 130. In turn, the computing device 102-1 can provide authentication credentials 136 (e.g., a password, a passcode, etc.) associated with the specific wireless network 130, which can be used by the nearby computing device 102-2 to authenticate with and gain access to the specific wireless network 130, as indicated by step 316.

Returning back now to step 310, if a specific wireless network 130 is not indicated by the nearby computing device 102-2, the computing device 102-1 can provide the nearby computing device 102-2 with a suggestion to access, for example, an active wireless network 134 (to which the computing device 102-1 is presently connected) or an alternative wireless network 130 that is available to be accessed, etc., as indicated by step 318. At step 320, the computing device 102-1 can provide, in response to receiving an acceptance from the nearby computing device 102-2, authentication credentials 136 associated with the suggested wireless network 130. In turn, at step 316, the nearby computing device 102-2 can utilize the authentication credentials 136 to authenticate with and gain access to the suggested wireless network 130. In turn, the method 300 can proceed to the method 800 of FIG. 8, which is described below in greater detail.

FIG. 4 illustrates a method 400 for enabling a computing device to issue a request to a nearby computing device to access a wireless network, according to some embodiments. As illustrated in FIG. 4, the method 400 begins at step 402, where a computing device (e.g., a computing device 102-2) presents a notification at a display of the computing device 102-2 to establish access to a wireless network 130. This can occur, for example, when a user of the computing device 102-2 attempts to access a wireless network 130 but lacks the authentication credentials 136 to access the wireless network 130. The notification can also include a listing of other wireless networks 130 that are available in the current location in which the computing device 102-2 is disposed. At step 404, the computing device 102-2 can determine whether a selection (e.g., by a user) of a specific wireless network 130 is received. In response to determining that the selection of the specific wireless network 130 is received, the computing device 102-2 can issue, to at least one nearby computing device 102 (e.g., a nearby computing device 102-1), a request that includes (1) user information 120 associated with the computing device 102-2, and (2) an indication to access the specific wireless network 130, as indicated by step 406.

When the nearby computing device 102-1 receives the request, the nearby computing device 102-1 can compare the user information 120 associated with the computing device 102-2 to the contacts 122 managed by the computing device 102-2 to identify whether a pre-existing relationship exists between these two computing devices 102-1,2. In turn, the nearby computing device 102-1 can receive an approval by the user of the nearby computing device 102-1 to grant the computing device 102-2 access to the specific wireless network 130. As indicated by step 418, the computing device 102-2 can receive a password (e.g., via authentication credentials 136) associated with the specific wireless network 130 to enable the computing device 102-2 to access the specific wireless network 130.

Referring back now to step 404, when a selection of a specific wireless network is not received, the method 400 can proceed to step 408, which involves identifying nearby computing devices 102 that are recognizable to the computing device 102-2. For example, the computing device 102-2 can compare respective user information 120 associated with the nearby computing devices 102 to its contacts 122. In turn, the nearby computing devices 102 that are recognized by the computing device 102-2 can be presented at the display of the computing device 102-2. In turn, the computing device 102-2 can wait for the user to select one of the recognized nearby computing devices 102.

Next, at step 410, the computing device 102-2 can receive a selection of a nearby computing device 102 (e.g., a nearby computing device 102-3) that can potentially service the request issued by the computing device 102-2 to access the wireless network 130. At step 412, the computing device 102-2 can send, to the nearby computing device 102-3, a request to access a wireless network 130. The request can include (1) user information 120 associated with the computing device 102-2, and (2) an indication of the desire to access any available wireless network 130 (to which the nearby computing device 102-3 has access). In turn, the nearby computing device 102-3 can indicate a suggested wireless network 130 to the computing device 102-2. At step 414, the computing device 102-2 can receive, from the nearby computing device 102-3, an inquiry to accept the suggested wireless network 130. In turn, at step 416, the computing device 102-2 can accept the inquiry by sending an approval to the nearby computing device 102-3 to access the suggested wireless network. Finally, at step 418, the computing device 102-2 can receive a password (e.g., via authentication credentials 136) associated with the suggested wireless network 130 to enable the computing device 102-2 to access the suggested wireless network 130. In turn, the method 400 can also proceed to the method 800 of FIG. 8, which is described below in greater detail.

FIG. 5 illustrates a method 500 for sharing a device key between two computing devices for identifying one another at a later time, according to some embodiments. As illustrated in FIG. 5, the method 500 begins at step 502, where a computing device (e.g., a computing device 102-1) receives a request from a nearby computing device (e.g., a nearby computing device 102-2) to establish an initial pairing. According to some embodiments, the request can include a device ID 123 associated with the nearby computing device 102-2. In turn, the computing device 102-1 can present a notification at a display of the computing device 102-1 to inquire about whether a user of the computing device 102-1 approves of establishing the initial pairing.

At step 504, the computing device 102-1 can receive an approval from the user to enable the computing device 102-1 to establish the initial pairing with the nearby computing device 102-2. In turn, the device ID 123 associated with the nearby computing device 102-2 can be stored in the paired device keys 126 of the computing device 102-1.

At step 506, subsequent to establishing the initial pairing, the computing device 102-1 can receive a device key 124 (e.g., an encryption key) associated with the nearby computing device 102-2. In some examples, the nearby computing device 102-2 can directly provide the device key 124 to the computing device 102-1. In some examples, the nearby computing device 102-2 can provide the device key 124 to a cloud networking storage system (to which the computing device 102-1 has access). In turn, the cloud networking storage system can distribute the device key 124 to the computing device 102-1. In some examples, each of the computing devices 102-1,2 can provide the other with (1) a respective ID 123, and (2) a respective device key 124 (e.g., an encryption key) as a result of the initial pairing process.

Although not illustrated in FIG. 5, in some embodiments, the nearby computing device 102-2 can provide its device key 124 to known computing devices 102-N, in which an initial pairing between these two computing devices 102 cannot be established. In particular, the nearby computing device 102-2 can provide its (1) device ID 123 and (2) device key 124 to any selection of known computing devices 102-N (e.g., respective user information 120 associated with the known computing devices 102-N is stored in the contacts 122 of the nearby computing device 102-2). Consider, for example, if a user of the nearby computing device 102-2 lives in Cupertino, and the user's friend—e.g., known computing device 102-3—lives in Tokyo and whose user information 120 is stored in the nearby computing device 102-2. Due to lack of close geographical proximity, there may not be an opportunity for these two computing devices 102 to utilize an initial pairing process as a mechanism for sharing a device key 124. In addressing this example scenario, the user of the nearby computing device 102-2 can distribute its device key 124 to the known computing device 102-3 (and any other selection of known computing devices 102-N having user information 120 that is stored in the nearby computing device 102-2) by using the cloud networking storage system.

In either case, at step 508, the computing device 102 can make note of the correlation between the respective device ID 123 and the respective device key 124 associated with the nearby computing device 102-2, thereby enabling the computing device 102 to identify the nearby computing device 102-2 at a later time in a secure manner. In this manner, and as described in greater detail herein, when the computing device 102 receives an encrypted message from the nearby computing device 102-2, the computing device 102 can identify the device key 124 for decrypting the encrypted message so as to identify details (e.g., based on the device ID 123) about the nearby computing device 102-2. In turn, the method 500 can also proceed to any one of method 600 of FIG. 6 or method 700 of FIG. 7, which are described below in greater detail.

FIG. 6 illustrates a method 600 for servicing a request issued by a nearby computing device to access a wireless network, according to some embodiments. As illustrated in FIG. 6, the method 600 begins at step 602, where a computing device—e.g., a computing device 102-1—receives an encrypted request from a nearby computing device—e.g., a nearby computing device 102-2—that includes an indication that the nearby computing device 102-2 is seeking to access a wireless network 130. This can occur, for example, subsequent to the computing device 102-1 receiving (1) a device ID 123 associated with the nearby computing device 102-2, and (2) a device key 124 associated with the nearby computing device 102-2.

At step 604, the computing device 102-1 can determine whether it has access to a device key 124 associated with the nearby computing device 102-2 for decrypting the encrypted request. In particular, the computing device 102-1 can attempt to decrypt the contents of the encrypted request using the different device keys 124 that are known to (i.e., previously stored by) the computing device 102-1. If the computing device 102-1 is unable to identify a device key 124 for decrypting the encrypted request, then the computing device 102-1 can continue monitoring for additional encrypted requests.

At step 606, upon successfully identifying a device key 124 for decrypting the encrypted request, the computing device 102-1 can identify the device ID 123 that corresponds to the device key 124, and effectively identify details (e.g., based on the device ID 123) about the nearby computing device 102-2.

At step 608, subsequent to decrypting the encrypted request, the computing device 102-1 can extract an indication (included in the encrypted request) of a unique wireless network identifier associated with a specific wireless network 130 that the nearby computing device 102-2 is seeking to access. In some examples, however, the unique wireless network identifier does not indicate the specific wireless network 130. In either case, the computing device 102-1 can display a notification (in accordance with the indication) to a user of the computing device 102-1. For example, when the unique wireless network identifier indicates the specific wireless network 130, the notification can request that the user approve the nearby computing device 102-2 access to the specific wireless network 130. Alternatively, when the unique wireless network identifier does not indicate the specific wireless network 130, the notification can request the user to suggest an available wireless network 130 to which the nearby computing device 102-2 should connect.

In either case, at step 610, the computing device 102-1 can determine whether approval is received for the nearby computing device 102-2 to access the wireless network 130. Upon determining that approval is not received, the computing device 102-1 can prevent a password (e.g., via authentication credentials 136) from being provided to the nearby computing device 102-2, at step 612. Otherwise, if approval is received, the computing device 102-1 can provide the password to enable the nearby computing device 102-2 to access the wireless network 130, at step 614. In turn, the method 600 can also proceed to the method 800 of FIG. 8, which is described below in greater detail.
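The following sketch of steps 602 through 614 is an added example, not code from the patent or any product. It shows why the trial decryption of step 604 needs an integrity check: the tag is what tells the receiver which stored device key 124 "succeeded". The HMAC-SHA256 encrypt-then-MAC construction is a standard-library stand-in for a real authenticated cipher, and the message layout, field name `network_id`, device IDs, keys, and credentials are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import json
import os

NONCE_LEN, TAG_LEN = 16, 32

# Constructed sample data: paired device keys 126 (device ID 123 -> device key 124).
PAIRED_DEVICE_KEYS = {
    "device-A": bytes.fromhex("11" * 32),
    "device-B": bytes.fromhex("22" * 32),
}
# Constructed credentials held by the servicing device, keyed by network identifier.
NETWORK_CREDENTIALS = {
    "Linda_Mar": "constructed-credential-1",
    "Mavericks": "constructed-credential-2",
}


def _subkeys(device_key):
    """Derive independent encryption and MAC keys from one device key."""
    return (hmac.new(device_key, b"enc", hashlib.sha256).digest(),
            hmac.new(device_key, b"mac", hashlib.sha256).digest())


def _xor_keystream(enc_key, nonce, data):
    """XOR data with an HMAC-SHA256 counter keystream (stand-in cipher)."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block_input = nonce + counter.to_bytes(4, "big")
        stream += hmac.new(enc_key, block_input, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def seal(device_key, request):
    """Requester side: encrypt a request dict, then append an integrity tag."""
    enc_key, mac_key = _subkeys(device_key)
    nonce = os.urandom(NONCE_LEN)
    cipher = _xor_keystream(enc_key, nonce, json.dumps(request).encode())
    tag = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()
    return nonce + cipher + tag


def open_with(device_key, blob):
    """Return the request dict if blob verifies under device_key, else None."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        return None
    enc_key, mac_key = _subkeys(device_key)
    nonce = blob[:NONCE_LEN]
    cipher = blob[NONCE_LEN:-TAG_LEN]
    tag = blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # wrong key or modified message: indistinguishable, both rejected
    try:
        request = json.loads(_xor_keystream(enc_key, nonce, cipher))
    except ValueError:
        return None
    return request if isinstance(request, dict) else None


def identify_sender(paired_keys, blob):
    """Steps 604-606: try every stored key; the key that verifies names the sender."""
    for device_id, device_key in paired_keys.items():
        request = open_with(device_key, blob)
        if request is not None:
            return device_id, request
    return None


def service_request(paired_keys, blob, credentials, approve):
    """Steps 602-614. approve(device_id, requested_network) models the user prompt:
    it returns the network to grant (the requested one or a suggestion) or None."""
    match = identify_sender(paired_keys, blob)
    if match is None:
        return ("ignored", None, None)        # step 604: keep monitoring, no prompt
    device_id, request = match
    requested = request.get("network_id")     # step 608: None means "any network"
    chosen = approve(device_id, requested)    # step 610
    if chosen is None or chosen not in credentials:
        return ("denied", device_id, None)    # step 612
    return ("shared", device_id, credentials[chosen])  # step 614
```

Because a message under an unknown key and a tampered message both fail the same tag comparison, neither ever reaches the approval prompt.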

FIG. 7 illustrates a method 700 for enabling a computing device to issue a request to a nearby computing device to access a wireless network, according to some embodiments. As illustrated in FIG. 7, the method 700 begins at step 702, where a computing device—e.g., a computing device 102-2—presents a notification at a display of the computing device 102-2 for establishing access to a wireless network 130. In some examples, the notification can present a list of one or more available wireless networks in the current location in which the computing device 102-2 is disposed. At step 704, the computing device 102-2 can determine whether a selection of a specific wireless network 130 among the one or more available wireless networks is received. If the selection of the specific wireless network 130 is not received, then the computing device 102-2 can continue monitoring for an additional selection.

At step 706, in response to determining that the selection of the specific wireless network 130 is received, the computing device 102-2 can establish an encrypted request using a device key 124 associated with the computing device 102-2, in which the encrypted request includes an indication to access the specific wireless network 130. The specific wireless network 130 can be indicated by using a unique wireless network identifier. According to some embodiments, the nearby computing device—e.g., 102-1—is communicatively coupled to the specific wireless network 130. In this manner, the nearby computing device 102-1 can be configured to service the request received from the computing device 102-2 to obtain access to the specific wireless network 130.

At step 708, the computing device 102-2 can send the encrypted request to the nearby computing device 102-1. In turn, the nearby computing device 102-1 can attempt to decrypt the contents of the encrypted request using the different device keys 124 that are known to (i.e., previously stored by) the nearby computing device 102-1. As previously described herein, the nearby computing device 102-1 received access to (1) a device key 124 associated with the computing device 102-2, and (2) a device ID 123 associated with the computing device 102-2. Accordingly, the nearby computing device 102-1 can identify details (e.g., based on the device ID 123) about the computing device 102-2 based on the device key 124 that is used for decrypting the encrypted request. Subsequent to decrypting the encrypted request, the nearby computing device 102-1 can determine that the decrypted request indicates the specific wireless network 130. In turn, the nearby computing device 102-1 can present a notification to inquire about whether a user of the nearby computing device 102-1 approves of granting the computing device 102-2 access to the specific wireless network 130.

At step 710, if the user of the nearby computing device 102-1 approves, the computing device 102-2 can receive a password (e.g., via authentication credentials 136) for accessing the specific wireless network 130. Returning back now to step 704, if a selection of the specific wireless network 130 is not received by the computing device 102-2, the computing device 102-2 can present, at the display of the computing device 102-2, nearby computing devices 102 having respective user information 120 that is recognized by the computing device 102-2, as indicated by step 712. In turn, the computing device 102-2 can wait for the user to select one of the nearby computing devices 102. At step 714, the computing device 102-2 can determine whether a selection of one of the nearby computing devices 102 is received. If the selection is not received, then the computing device 102-2 can continue monitoring for an additional selection.

At step 716, in response to receiving the selection of a nearby computing device 102-2, the computing device 102-2 can establish an encrypted request using the device key 124 associated with the computing device 102-2, in which the encrypted request includes an indication to access any wireless network 130 suggested by the nearby computing device 102-1. Next, the computing device 102-2 can send the encrypted request to the nearby computing device 102-3. In turn, the nearby computing device 102-3 can decrypt the encrypted request and present a notification that inquires whether a user of the nearby computing device 102-3 allows or denies the computing device 102-2 access to an active wireless network or an alternative wireless network. In either case, if the user of the nearby computing device 102-3 accepts, the nearby computing device 102-3 can provide a suggested wireless network 130 to the computing device 102-2.

In turn, at step 718, the computing device 102-2 can receive an inquiry, from the nearby computing device 102-3, about whether to accept access to the suggested wireless network 130. At step 720, the computing device 102-2 can accept the inquiry by sending an approval to the nearby computing device 102-3. Finally, at step 710, the computing device 102-2 can receive a password (e.g., via authentication credentials 136) associated with the suggested wireless network 130 to enable the computing device 102-2 to access the suggested wireless network 130. In turn, the method 700 can also proceed to the method 800 of FIG. 8, which is described below in greater detail.

FIG. 8 illustrates a method 800 that can extend any one of the method 300 (described in conjunction with FIG. 3), the method 400 (described in conjunction with FIG. 4), the method 600 (described in conjunction with FIG. 6), or the method 700 (described in conjunction with FIG. 7). The method 800 involves servicing a request by a computing device to share a password for a wireless network with other computing devices, according to some embodiments. As illustrated in FIG. 8, the method 800 begins at step 802, where the computing device—e.g., a computing device 102-2—receives a request to provide a password (e.g., via authentication credentials 136) associated with a wireless network 130 to enable a different computing device—e.g., a different computing device 102-3—to access the wireless network 130. This can occur, for example, subsequent to the computing device 102-2 receiving the password for the wireless network 130 from a nearby computing device—e.g., a nearby computing device 102-1—in response to requesting access to (1) a specific wireless network 130, or (2) any wireless network 130.

At step 804, the computing device 102-2 can determine whether the password is permitted to be shared with other computing devices 102. According to some embodiments, the computing device 102-2 can determine whether the password that is stored at the computing device 102-2 is in a pre-shared key (PSK) format. In particular, when the nearby computing device 102-1 provided the password to the computing device 102-2, the plaintext of the password can be converted into the PSK format (e.g., 64 hexadecimal characters) and shared in the PSK format. In some examples, the PSK format can be generated via a hash algorithm. Accordingly, in response to identifying that the password is stored in the PSK format at the computing device 102-2, the computing device 102-2 can determine (1) that the password was provided by another computing device 102 (i.e., the password was not manually entered by a user of the computing device 102-2), and (2) that the password cannot be shared with the different computing device 102-3. Notably and beneficially—a user of the nearby computing device 102-1 that shared the password with the computing device 102-2 is unburdened with the concern that the computing device 102-2 can obtain the plaintext version of the password and share the password with unauthorized persons who can gain access to potentially sensitive data that is accessible via the wireless network 130. Additionally, it should be noted that in some examples, the password in the PSK format does not represent a literal readout of the password. Accordingly, the plaintext of the password cannot be derived even if the keychain is inspected.

It should be noted that, in some embodiments, no restrictions are placed onto the password that would prevent the password from being shared by the computing device 102-2 with the different computing device 102-3.

At step 806, in response to determining that the password is permitted to be shared with other computing devices 102, the computing device 102-2 is enabled to provide the password to the different computing device 102-3. For example, when the computing device 102-2 determines that the password is a passphrase (e.g., 8 to 63 character passphrase), then the computing device 102-2 can determine that the password is permitted to be shared with other computing devices 102.

Returning back now to step 804, if the password is not permitted to be shared with other computing devices 102, then the computing device 102-2 is prevented from providing the password to the different computing device 102-3, as indicated by step 808.
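The format test of steps 804 through 808 can be sketched as follows; this is an added example, not code from the patent. It assumes the "hash algorithm" is the standard WPA2-Personal derivation (PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations, 256-bit output), which the text does not name, and the keychain layout and function names are hypothetical.

```python
import hashlib
import re

_PSK_RE = re.compile(r"[0-9a-fA-F]{64}")


def derive_psk(passphrase, ssid):
    """Convert a plaintext passphrase to the 64-hex-character PSK form.

    Assumption: standard WPA2-Personal derivation. The function is one-way,
    so the receiver cannot read the passphrase back out of the result.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    raw = hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                              ssid.encode("utf-8"), 4096, 32)
    return raw.hex()


def credential_format(stored):
    """Classify a stored credential as 'psk', 'passphrase' or 'invalid'.

    The two valid forms cannot collide: a passphrase is at most 63
    characters, while the PSK form is exactly 64.
    """
    if _PSK_RE.fullmatch(stored):
        return "psk"
    if 8 <= len(stored) <= 63 and all(32 <= ord(c) <= 126 for c in stored):
        return "passphrase"
    return "invalid"


def may_share(stored):
    """Step 804: only a credential held as a passphrase (i.e. entered by the
    user rather than received from another device) may be passed on."""
    return credential_format(stored) == "passphrase"


def service_share_request(keychain, ssid):
    """Steps 802-808 for one device. keychain maps SSID -> stored credential.

    Returns the value to hand to the requesting device, always in PSK form,
    or None when sharing is prevented (step 808).
    """
    stored = keychain.get(ssid)
    if stored is None or not may_share(stored):
        return None
    return derive_psk(stored, ssid)   # step 806


def demo_chain():
    """Constructed walk-through: 102-1 typed the passphrase, 102-2 received it."""
    ssid = "Linda_Mar"                                   # network name from FIG. 9A
    device_1 = {ssid: "constructed sample passphrase"}   # manually entered
    shared = service_share_request(device_1, ssid)       # 102-1 -> 102-2
    device_2 = {ssid: shared}                            # stored in PSK form
    onward = service_share_request(device_2, ssid)       # 102-2 -> 102-3 blocked
    return shared, onward
```

Under this assumed derivation the SSID acts as the salt, so the shared value is tied to one network name and does not carry over to another network that reuses the same passphrase.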

FIGS. 9A-9D illustrate conceptual diagrams of example user interfaces that can be implemented at different computing devices—e.g., 102-1,2—to service a request to access a specific wireless network, according to some embodiments. As illustrated in FIG. 9A, at step 910, a user interface 912 of a computing device—e.g., a destination computing device 102-1—can present a list of available wireless networks in the current location in which the destination computing device 102-1 is disposed. Consider, for example, that the list of available wireless networks presented at the user interface 912 are those that satisfy a requisite wireless signal strength.

FIG. 9A illustrates that the user interface 912 can be configured to receive a selection of a specific wireless network from among the list of available wireless networks. For example, as illustrated in FIG. 9A, the user interface 912 can receive the selection 914 of a specific wireless network (“Linda_Mar”) by a user of the destination computing device 102-1. According to some examples, the destination computing device 102-1 can determine whether the specific wireless network (“Linda_Mar”) that is selected is capable of being accessed (i.e., shared) by other computing devices 102, such as if the specific wireless network (“Linda_Mar”) utilizes a WPA2 security protocol. In response to determining that the specific wireless network (“Linda_Mar”) can be accessed by other computing devices 102, the destination computing device 102-1 can transmit the request to a source computing device 102-2 having access to this specific wireless network.

According to some embodiments, the specific wireless network that is desired by the destination computing device 102-1 to be selected may not be initially presented at the user interface 912. Instead, the specific wireless network can be requested by selecting the other icon 916. In some examples, the specific wireless network (that is accessible to the source computing device 102-2) may be a hidden network that is not visibly presented at the user interface 916. In accordance with this example, the destination computing device 102-1 can request that the source computing device 102-2 provide the destination computing device 102-1 with a hidden specific wireless network that can be accessed. Subsequently, the source computing device 102-2 can provide the destination computing device 102-1 with a suggested wireless network.

Turning now to FIG. 9B, at step 920, in response to receiving the selection 914 of the specific wireless network (“Linda_Mar”), the destination computing device 102-1 can present a user interface 922 that prompts for a password in order for the destination computing device 102-1 to access the specific wireless network (“Linda_Mar”). In conjunction with presenting the user interface 922, the destination computing device 102-1 can additionally perform a checklist of conditions prior to transmitting the request to the source computing device 102-2 to access the specific wireless network (“Linda_Mar”). In particular, the conditions of the checklist can include at least one of: (1) determining whether the destination computing device 102-1 is signed into a single sign-on service, (2) whether the prompt for the password is presented at the user interface 922, or (3) whether the specific wireless network (“Linda_Mar”) can be accessible by other computing devices 102, such as if the password associated with this specific wireless network utilizes a password with the WPA2 format. When at least one of these conditions is met, then the destination computing device 102-1 can be enabled to transmit the request to the source computing device 102-2.

Subsequent to transmitting the request, the destination computing device 102-1 can wait for a user of the source computing device 102-2 to accept the request. In particular, a password entry box 926 included in the user interface 922 can be unfilled while the destination computing device 102-1 waits for approval from a user of the source computing device 102-2. In some examples, the password entry box 926 can receive the password via (1) manual entry or (2) auto-fill.

According to some embodiments, the user interface 922 can present instructions 924 that prompt the user to bring the destination computing device 102-1 closer (e.g., in proximity) to the source computing device 102-2. As previously described herein, the source computing device 102-2 can specify a requisite RSSI level that is required to be satisfied in order for the source computing device 102-2 to process the request.

Turning now to the source computing device 102-2 as illustrated in step 930 of FIG. 9C, the source computing device 102-2 can receive the request from the destination computing device 102-1. In response, the source computing device 102-2 can present a user interface 932 that displays a notification 934 to inquire whether the user of the source computing device 102-2 allows or declines the destination computing device 102-1 to access the specific wireless network (“Linda_Mar”). In one example, the notification 934 can include a contact card that is based on at least a subset of the user information 120 for the destination computing device 102-1. The notification 934 can include, for example, a first name, to inform the user of an identity of the destination computing device 102-1 (and the user who presumably is operating it). In turn, the user of the source computing device 102-2 can select an allow icon 936 to accept the request for the destination computing device 102-1 to access the specific wireless network (“Linda_Mar”).

Returning to the destination computing device 102-1 as illustrated in step 940 of FIG. 9D, the destination computing device 102-1 can receive the acceptance from the source computing device 102-2. As illustrated in FIG. 9D, a password entry box 944 of a user interface 942 of the destination computing device 102-1 is updated (according to the acceptance) to include an auto-filled password that is associated with the specific wireless network (“Linda_Mar”). In turn, the user can select the join icon 946 to enable the destination computing device 102-1 to access this specific wireless network. Alternatively, the destination computing device 102-1 can automatically join this specific wireless network. Notably and beneficially—the characters of the auto-filled password are hashed to prevent the user of the destination computing device 102-1 from sharing the password with other computing devices 102. It is noted that the user interfaces 912, 922, 932, and 942 illustrated in FIGS. 9A-9D are merely exemplary and that any user interface can be implemented at the computing devices 102-1,2 to provide the same or similar functionality.

FIGS. 10A-10D illustrate conceptual diagrams of example user interfaces that can be implemented at different computing devices—e.g., 102-1,2—to service a request to access any wireless network, according to some embodiments. As illustrated in FIG. 10A, at step 1010, a user interface 1012 of a computing device—e.g., a destination computing device 102-2—can present a list of nearby computing devices 102 (and subsets of their respective user information 120) that are recognizable to the destination computing device 102-2. Consider, for example, that the list of nearby computing devices 102 presented at the user interface 1012 are also within proximity to the destination computing device 102-2 (e.g., satisfy a requisite RSSI level, etc.).

FIG. 10A illustrates that the user interface 1012 can be configured to receive a selection 1014 of a source computing device 102-1 from among the list of nearby computing devices 102. For example, as illustrated in FIG. 10A, the user interface 1012 can receive the selection 1014 of the source computing device 102-1 that is recognizable as (“Jay”). In turn, the destination computing device 102-2 can transmit a request to the source computing device 102-1 to access any wireless network 130.

FIG. 10B illustrates, at step 1020, a user interface 1022 of the destination computing device 102-2 in conjunction with transmitting the request to the user (“Jay”) of the source computing device 102-1. The user interface 1022 can inform the user of the destination computing device 102-2 that an acceptance of the request is not yet received, and will continue waiting for the source computing device 102-1 to accept the request.

Turning now to the source computing device 102-1 as illustrated in step 1030 of FIG. 10C, the source computing device 102-1 can receive the request from the destination computing device 102-2. In response, the source computing device 102-1 can present a user interface 1032 that displays a notification 1034 to inquire whether the user of the source computing device 102-1 allows or denies a user (“Mac”) of the destination computing device 102-2 to access an active wireless network (“Mavericks”). Additionally, the user interface 1032 can present a list of suggested alternative wireless networks 1038 (“Manresa,” “O'Neill_House,” “Steamer_Lane,” or “Other”) that the destination computing device 102-2 should access. In this manner, the user (“Jay”) can select from either the active wireless network (“Mavericks”) or from among the list of suggested alternative wireless networks 1038. Moreover, the list of suggested alternative wireless networks 1038 can present a respective signal strength for each of the alternative wireless networks to facilitate the user (“Jay”) to make the selection. In turn, the user (“Jay”) of the source computing device 102-1 can select an allow icon 1036 to send an inquiry to the destination computing device 102-2 to access the specific wireless network (“Mavericks”).

Returning to the destination computing device 102-2 as illustrated in step 1040 of FIG. 10D, the destination computing device 102-2 can receive the acceptance from the source computing device 102-1. In turn, a user interface 1042 of the destination computing device 102-2 indicates to the user (“Mac”) that the source computing device 102-1 has granted access to the specific wireless network (“Mavericks”). In turn, the user (“Jay”) can select the join network icon 1044 to enable the destination computing device 102-2 to access this specific wireless network. It is noted that the user interfaces 1012, 1022, 1032, and 1042 illustrated in FIGS. 10A-10D are merely exemplary and that any user interface can be implemented at the computing devices 102-1,2 to provide the same or similar functionality.

FIG. 11 illustrates a method 1100 for servicing a request issued by a nearby computing device to utilize a computing device as a wireless hotspot, according to some embodiments. As illustrated in FIG. 11, the method 1100 begins at step 1102, where the computing device—e.g., a computing device 102-1—transmits an advertisement to a nearby computing device—e.g., the nearby computing device 102-2—to utilize the computing device 102-1 as a wireless hotspot. This can occur, for example, subsequent to the computing device 102-1 establishing a cellular data network connection. According to some examples, the computing device 102-1 can include a cellular communications component that is capable of establishing the cellular data network connection.

According to some examples, the computing device 102-1 can be associated with user information 120. In particular, the computing device 102-1 can utilize a hash algorithm (to which the nearby computing device 102-2 also has access) to generate a unique hash value for the advertisement and the user information 120 that can be transmitted to the nearby computing device 102-2 as a hashed message. In turn, upon receiving the hashed message, the nearby computing device 102-2 can refer to a hash table that provides a correlation of the unique hash value to the user information 120 associated with the computing device 102-1 to identify the hashed advertisement as being provided by a known computing device 102 (e.g., a friend, a relative, a colleague, etc.). According to other examples, the computing device 102-1 can transmit the advertisement as an encrypted message. In particular, prior to transmitting the advertisement, the computing device 102-1 can provide the nearby computing device 102-2 with a device key 124 (e.g., an encryption key) associated with the computing device 102-1. Subsequently, when the nearby computing device 102-2 receives the encrypted message, the nearby computing device 102-2 can attempt to decrypt the contents of the encrypted message using the device keys 124 that are known to (i.e., previously stored by) the nearby computing device 102-2. In either case, the privacy of the computing device 102-1 is enhanced as irrelevant/unknown computing devices 102 are unable to access the contents of the message.

In turn, at step 1104, the computing device 102-1 can receive a request from the nearby computing device 102-2 to utilize the computing device 102-1 as the wireless hotspot, where the request includes user information 120 associated with the nearby computing device 102-2.

At step 1106, the computing device 102-1 can determine whether a signal strength associated with the request satisfies a signal threshold. As previously described herein, the sharing manager 110 of the computing device 102-1 can interface with the wireless communications components to determine whether the signal strength of the request satisfies a requisite RSSI level to process the request. If the computing device 102-1 determines that the signal strength associated with the request does not satisfy the signal threshold, then the computing device 102-1 can prevent any notification associated with the request from being presented to a user of the computing device 102-1, as indicated by step 1108. Beneficially, the user of the computing device 102-1 is prevented from being bothered by unknown computing devices 102.

Alternatively, in step 1110, in response to the computing device 102-1 determining that the signal strength of the request satisfies the requisite RSSI level, the computing device 102-1 can determine whether the user information 120 included in the request is recognized by the computing device 102-1. In particular, the computing device 102-1 can identify whether a pre-existing relationship exists with the nearby computing device 102-2 by comparing the user information 120 included in the request to the contacts 122 managed by the computing device 102-1. Upon determining that the user information 120 is not included in the contacts 122, the computing device 102-1 can prevent any notification associated with the request from being presented to a user of the computing device 102-1, as indicated by step 1108.

Otherwise, at step 1112, when the computing device 102-1 determines that the user information 120 is included in its contacts 122, the computing device 102-1 can present a notification to inquire about whether the user of the computing device 102-1 approves of granting the nearby computing device 102-2 access to utilize the computing device 102-1 as the wireless hotspot. In one example, the notification presented to the user can include a contact card having, for example, a first name, a photo, etc., to inform the user of an identity of the nearby computing device 102-2 (and the user who presumably is operating it).

At step 1114, the computing device 102-1 can receive an approval from the user to enable the nearby computing device 102-2 to utilize the computing device 102-1 as the wireless hotspot. In turn, as indicated by step 1116, the computing device 102-1 can provide authentication credentials 136 (e.g., a password, etc.), which can be used by the nearby computing device 102-2 to authenticate with and gain access to the wireless hotspot.
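The gating order of steps 1104 through 1116 (signal strength first, then contact recognition, then user approval) is sketched below as an added example that is not code from the patent. It assumes the request carries the requester's user information 120 in hashed form and that the receiver resolves it through a hash table built from its contacts 122; SHA-256, the -60 dBm threshold, the request fields, and the contact entries are constructed assumptions.

```python
import hashlib
from enum import Enum

RSSI_THRESHOLD_DBM = -60   # assumed requisite RSSI level

# Constructed contacts 122: display name -> user information 120.
CONTACTS = {"Mac": "mac@example.com", "Jay": "jay@example.com"}


class Outcome(Enum):
    SUPPRESSED_WEAK_SIGNAL = "step 1108: RSSI below threshold, no notification"
    SUPPRESSED_UNKNOWN = "step 1108: sender not in contacts, no notification"
    DECLINED = "user declined the request"
    CREDENTIALS_PROVIDED = "step 1116: credentials sent"


def hash_user_info(user_info):
    """Hash normalized user information (SHA-256 is an assumed algorithm)."""
    return hashlib.sha256(user_info.strip().lower().encode("utf-8")).hexdigest()


def build_hash_table(contacts):
    """Precompute hash value -> contact name so a received hash can be resolved."""
    return {hash_user_info(info): name for name, info in contacts.items()}


def service_hotspot_request(request, hash_table, ask_user, credentials,
                            threshold_dbm=RSSI_THRESHOLD_DBM):
    """Return (Outcome, credentials or None) for one received request.

    request  -- dict with 'rssi_dbm' (measured by the receiver) and 'user_hash'
    ask_user -- callback(contact_name) -> bool, models the notification prompt;
                it is only invoked after both automatic checks pass.
    """
    # Step 1106: proximity check uses the receiver's own measurement.
    if request["rssi_dbm"] < threshold_dbm:
        return (Outcome.SUPPRESSED_WEAK_SIGNAL, None)

    # Step 1110: resolve the hashed user information against the contacts.
    contact_name = hash_table.get(request["user_hash"])
    if contact_name is None:
        return (Outcome.SUPPRESSED_UNKNOWN, None)

    # Steps 1112-1114: show a contact card and wait for the decision.
    if not ask_user(contact_name):
        return (Outcome.DECLINED, None)

    # Step 1116: release the authentication credentials 136.
    return (Outcome.CREDENTIALS_PROVIDED, credentials)


def make_request(user_info, rssi_dbm):
    """Build a constructed sample request as the receiver would see it."""
    return {"user_hash": hash_user_info(user_info), "rssi_dbm": rssi_dbm}
```

Both suppressed outcomes return before `ask_user` is called, which is the property the text relies on to keep distant or unrecognized devices from generating prompts.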

FIG. 12 illustrates a method 1200 for servicing a request by a nearby computing device to gain access to a secured resource that is managed by a computing device 102-1, according to some embodiments. As illustrated in FIG. 12, the method 1200 begins at step 1202 where the computing device—e.g., the computing device 102-1—receives a request from a nearby computing device—e.g., a nearby computing device 102-2—to access the secured resource through authentication credentials, where the request includes user information 120 associated with the nearby computing device 102-2 and an indication to access the secured resource. According to some examples, the nearby computing device 102-2 can attempt to access the secured resource via a secured application that is established at the nearby computing device 102-2 and/or an encrypted website. In particular, the secured resource can refer to a user account associated with an online bank account, a user account associated with a social network profile, a user account associated with a digital media item service, and the like.

According to some embodiments, the computing device 102-1 can receive the request from the nearby computing device 102-2 when the nearby computing device 102-2 presents a user interface that prompts for authentication credentials (e.g., user name, password, passcode, security question/answer, etc.) in order for the nearby computing device 102-2 to access the secured resource. In conjunction with presenting the user interface, the nearby computing device 102-2 can transmit the request to the computing device 102-1 to access the secured resource. According to some examples, the request can be transmitted to the computing device 102-1 as a hashed message, whereupon the computing device 102-1 can refer to a hash table that provides a correlation of the unique hash value to the user information 120 associated with the nearby computing device 102-2 to identify the hashed message as being provided by a known computing device 102 (e.g., a friend, a relative, a colleague, etc.). According to other examples, the request can be transmitted to the computing device 102-1 as an encrypted message, whereupon the computing device 102-1 can attempt to decrypt the contents of the encrypted message using the device keys 124 that are known to (i.e., previously stored by) the computing device 102-1. In either case, the privacy of the nearby computing device 102-2 is enhanced as irrelevant/unknown computing devices 102 are unable to access the contents of the message.

At step 1204, the computing device 102-1 can determine whether a signal strength associated with the request satisfies a signal threshold. As previously described herein, the sharing manager 110 of the computing device 102-1 can interface with the wireless communications components to determine whether the signal strength of the request satisfies a requisite RSSI level to process the request. If the computing device 102-1 determines that the signal strength associated with the request does not satisfy the signal threshold, then the computing device 102-1 can prevent any notification associated with the request from being presented to a user of the computing device 102-1, as indicated by step 1206. This can beneficially prevent the user of the computing device 102-1 from being bothered by unknown/irrelevant computing devices 102.

Alternatively, in response to the computing device 102-1 determining that the signal strength of the request satisfies the requisite RSSI level, the computing device 102-1 can determine whether the user information 120 included in the request is recognized by the computing device 102-1, as indicated by step 1208. In particular, the computing device 102-1 can identify whether a pre-existing relationship exists with the nearby computing device 102-2 by comparing the user information 120 included in the request to the contacts 122 managed by the computing device 102-1. Upon determining that the user information 120 is not included in the contacts 122, the computing device 102-1 can prevent any notification associated with the request from being presented to a user of the computing device 102-1, as indicated by step 1206.

Otherwise, at step 1210, when the computing device 102-1 determines that the user information 120 is included in its contacts 122, the computing device 102-1 can present a notification to inquire about whether the user of the computing device 102-1 approves of granting the nearby computing device 102-2 access to the secured resource. In one example, the notification presented to the user can include a contact card having, for example, a first name, a photo, etc., to inform the user of an identity of the nearby computing device 102-2 (and the user who presumably is operating it).

At step 1212, the computing device 102-1 can receive an approval from the user to enable the nearby computing device 102-2 to access the secured resource. In turn, as indicated by step 1214, the computing device 102-1 can provide authentication credentials 136 (e.g., a user name, a password, etc.), which can be used by the nearby computing device 102-2 to authenticate with and gain access to the secured resource. According to some examples, the authentication credentials 136 can be bundled with a temporal limit indication such that the authentication credentials 136 will expire after a predetermined amount of time.

FIG. 13 illustrates a method 1300 for servicing a request issued by a nearby computing device to access a wireless network by providing the nearby computing device with a temporary password, according to some embodiments. As illustrated in FIG. 13, the method 1300 begins at step 1302, where a computing device—e.g., a computing device 102-1—receives a request from a nearby computing device—e.g., a nearby computing device 102-2—that includes user information 120 associated with the nearby computing device 102-2 and an indication that the nearby computing device 102-2 is seeking to access a wireless network 130.

According to some examples, the request can be transmitted to the computing device 102-1 as a hashed message, whereupon the computing device 102-1 can refer to a hash table that provides a correlation of a unique hash value of the user information 120 associated with the nearby computing device 102-2 to identify the hashed message as being provided by a known computing device 102 (e.g., a friend, a relative, a colleague, etc.). According to other examples, the request can be transmitted to the computing device 102-1 as an encrypted message, whereupon the computing device 102-1 can attempt to decrypt the contents of the encrypted message using the device keys 124 that are known to (i.e., previously stored by) the computing device 102-1. In either case, the privacy of the nearby computing device 102-2 is enhanced as irrelevant/unknown computing devices 102 are unable to access the contents of the message.

According to some examples, upon receiving the request, the computing device 102-1 can determine whether a signal strength associated with the request satisfies a signal threshold. As previously described herein, if the computing device 102-1 determines that the signal strength associated with the request does not satisfy the signal threshold, then the computing device 102-1 can prevent any notification associated with the request from being presented to a user of the computing device 102-1. Additionally, the computing device 102-1 can determine whether the user information 120 included within the request is included in its contacts 122. In response to determining that the user information 120 is included in its contacts 122, the computing device 102-1 can present a notification to inquire about whether the user of the computing device 102-1 approves of granting the nearby computing device 102-2 access to the wireless network 130.

Subsequent to providing the notification to the user of the computing device 102-1, at step 1304, the computing device 102-1 can determine whether approval is received from the user to enable the nearby computing device 102-2 to access wireless network 130. If the computing device 102-1 determines that the approval from the user has not been received, then the computing device 102-1 can prevent the nearby computing device 102-2 from accessing the wireless network 130, as indicated by step 1306.

Alternatively, at step 1308, in response to the computing device 102-1 determining that the approval from the user is received, then the computing device 102-1 can determine whether approval is received from the user to generate a temporary password for the nearby computing device 102-2 to access the wireless network 130. In particular, subsequent to receiving the approval from the user, the computing device 102-1 can present a notification to inquire about whether the user desires to restrict an amount of time that the nearby computing device 102-2 has access to the wireless network 130.

In turn, as indicated by step 1310, the computing device 102-1 can transmit a request to a computing device to generate a temporary password for the nearby computing device 102-2 to access the wireless network 130. According to some examples, the computing device can refer to one or more server devices with which the computing device 102-1 can interface directly. According to other examples, the computing device can refer to a wireless router that is associated with the wireless network 130 with which the computing device 102-1 can interface directly. According to other examples, the computing device can refer to the computing device 102-1 itself.

At step 1312, the computing device 102-1 can receive the temporary password from the computing device. According to some embodiments, the temporary password can be retrieved from a collection of pre-existing temporary passwords that are established at the computing device and purposed specifically for guests to access the wireless network 130. In particular, when the temporary passwords are at least one of generated, received from the computing device, or transmitted to the nearby computing device 102-2, the temporary passwords can be bundled with a bit flag (e.g., temporal limit indication). For example, the temporal limit indication can stipulate that the temporary password will remain valid for use by the nearby computing device 102-2 for a period of only 48 hours. In this manner, after the period of 48 hours lapses, the computing device can render the temporary password invalid for accessing the wireless network 130. According to some embodiments, the temporary passwords can be generated by the computing device in response to receiving the request from the computing device 102-1. In particular, the temporary passwords can be bundled with the bit flag that provides instructions for the temporary password to expire after the nearby computing device 102-2 is no longer using the password, such as when the nearby computing device 102-2 has not accessed the wireless network 130 for a predetermined amount of time (e.g., 24 hours). According to some embodiments, the computing device, such as a wireless router associated with the wireless network 130, can regulate access to the wireless network 130 by continually updating a complete list of authorized passwords that can be used by the nearby computing device 102-2 to access the wireless network 130. In response to the computing device 102-1 requesting a temporary password, the wireless router can generate and provide the computing device 102-1 with the temporary password while also updating the complete list of authorized passwords with the recently generated temporary password. The wireless router can be configured to establish a temporal time limit that stipulates how long the temporary password will remain valid. Subsequent to the expiration of the temporal time limit, the wireless router can be configured to remove the temporary password from the complete list of authorized passwords.

Subsequently, at step 1314, the computing device 102-1 can directly or indirectly (e.g., via the computing device) provide the nearby computing device 102-2 with the temporary password to enable the nearby computing device 102-2 to access the wireless network 130.

FIG. 14 illustrates a method 1400 for enabling a wireless router to provide a nearby computing device with access to a wireless network, according to some embodiments. As illustrated in FIG. 14, the method 1400 begins at step 1402, where the wireless router associated with a wireless network 130 receives a request from a computing device—e.g., a computing device 102-1—where the request includes user information 120 associated with the computing device 102-1 and a list of one or more contacts 122 that are approved by a user of the computing device 102-1 to access the wireless network 130. This can occur, for example, when the user of the computing device 102-1 desires to grant a nearby computing device—e.g., the nearby computing device 102-2—access to the wireless network 130, but is not in geographical proximity to the wireless network 130 to be capable of servicing a request by the nearby computing device 102-2 to access the wireless network 130. According to some embodiments, the wireless router can utilize the user information 120 to determine whether the request was provided by a known computing device 102 (i.e., a user having authority to grant computing devices 102 access to the wireless network 130).

In turn, at step 1404, in response to determining that the computing device 102-1 is known or recognized, the wireless router can store the list of the one or more contacts 122 that are approved to access the wireless network 130 at a storage device that is in communication with the wireless network 130. Additionally, the computing device 102-1 can establish the list of the one or more contacts 122 that are approved to access the wireless network 130 through a user account, e.g., a user ID associated with a single sign-on service that is associated with the computing device 102-1, in order to enable the computing device 102-1 and/or the wireless router to retrieve the list of contacts 122 who are approved to access the wireless network 130. Accordingly, in some examples, the wireless router may not require that the computing device 102-1 provide the wireless router with the list of the one or more contacts as the wireless router can instead retrieve this list from the user account.

Subsequently, at step 1406, the wireless router can receive a request from the nearby computing device 102-2 to access the wireless network 130. According to some embodiments, the request includes user information 120 associated with the nearby computing device 102-2 and an indication to access the wireless network 130. According to some examples, the request can be transmitted to the wireless router as a hashed message. According to some examples, the request can be transmitted to the wireless router as an encrypted message.

At step 1408, the wireless router can determine whether a signal strength associated with the request satisfies a signal threshold. In some examples, the wireless router can be capable of establishing a geo-fence having a physical proximity threshold. The wireless router can determine whether a signal strength of the request satisfies a requisite RSSI level to process the request. If the wireless router determines that the signal strength associated with the request does not satisfy the signal threshold, then the wireless router can prevent the nearby computing device 102-2 from accessing the wireless network 130, as indicated by step 1410.

Alternatively, at step 1412, in response to the wireless router determining that the signal strength of the request satisfies the requisite RSSI level, the wireless router can determine whether the user information 120 included in the request corresponds to the one or more contacts 122 that are approved to access the wireless network 130. In particular, the wireless router can compare the user information 120 included in the request to the contacts 122 provided in the list of the one or more contacts. Upon determining that the user information 120 is not included in the contacts 122, the wireless router can prevent the nearby computing device 102-2 from accessing the wireless network 130, as indicated by step 1410.

Otherwise, at step 1414, when the wireless router determines that the user information 120 provided in the request is included in the list of the one or more contacts that are approved to access the wireless network 130, the wireless network can provide authentication credentials 136 (e.g., a user name, a password, etc.), which can be used by the nearby computing device 102-2 to authenticate with and gain access to the wireless network 130. According to some embodiments, and as described herein, the wireless router can be capable of providing the nearby computing device 102-2 with a temporary password that can be bundled with a temporal limit indication such that the temporary password will remain valid for use by the nearby computing device 102-2 for a limited duration of time.
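The router-side flow of methods 1300 and 1400 (signal threshold, approved-contact lookup, temporary password kept on a list of authorized passwords) is sketched below as an added example; it is not code from the patent. The class and function names, the -60 dBm threshold, SHA-256 over lower-cased user information, and applying both the 48-hour limit and the 24-hour idle limit to one password are assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

RSSI_THRESHOLD_DBM = -60     # assumed; the text only requires "a requisite RSSI level"
ABSOLUTE_TTL_S = 48 * 3600   # the 48-hour temporal limit used as an example in the text
IDLE_TTL_S = 24 * 3600       # the 24-hour "no longer using the password" example


def hash_user_info(user_info: str) -> str:
    """Hash sent in place of raw user information (SHA-256 is an assumption)."""
    normalized = user_info.strip().lower().encode("utf-8")
    return hashlib.sha256(normalized).hexdigest()


@dataclass
class TemporaryPassword:
    value: str
    expires_at: float     # absolute temporal limit
    last_used_at: float   # refreshed on every successful authentication


class GuestAccessRouter:
    """Hypothetical router-side model of steps 1402-1414."""

    def __init__(self, approved_user_info, rssi_threshold=RSSI_THRESHOLD_DBM):
        # Step 1404: keep the approved contacts as a hash table keyed by hash value.
        self.approved = {hash_user_info(u): u for u in approved_user_info}
        self.rssi_threshold = rssi_threshold
        self.authorized = {}  # the "complete list of authorized passwords"

    def _lookup(self, hashed: str):
        # Compare digests in constant time rather than with ==.
        for known_hash, contact in self.approved.items():
            if hmac.compare_digest(known_hash.encode(), hashed.encode()):
                return contact
        return None

    def handle_request(self, hashed_user_info: str, rssi_dbm: int, now: float):
        """Steps 1408-1414. Returns (decision, password or None)."""
        if rssi_dbm < self.rssi_threshold:           # step 1408 fails -> step 1410
            return "denied_signal", None
        if self._lookup(hashed_user_info) is None:   # step 1412 fails -> step 1410
            return "denied_unknown", None
        password = secrets.token_urlsafe(16)         # 22 characters from a CSPRNG
        self.authorized[password] = TemporaryPassword(
            value=password, expires_at=now + ABSOLUTE_TTL_S, last_used_at=now)
        return "granted", password                   # step 1414

    def prune(self, now: float) -> int:
        """Remove passwords whose absolute or idle limit has lapsed."""
        stale = [v for v, p in self.authorized.items()
                 if now >= p.expires_at or now - p.last_used_at >= IDLE_TTL_S]
        for value in stale:
            del self.authorized[value]
        return len(stale)

    def authenticate(self, password: str, now: float) -> bool:
        """Accept a password only while it is still on the authorized list."""
        self.prune(now)
        entry = self.authorized.get(password)
        if entry is None:
            return False
        entry.last_used_at = now
        return True


if __name__ == "__main__":
    # Constructed sample data: one approved contact and one request at -55 dBm.
    router = GuestAccessRouter(["alice@example.com"])
    print(router.handle_request(hash_user_info("alice@example.com"), -55, 0.0)[0])
```

Passing `now` explicitly keeps the expiry logic testable; a deployment would call `prune` from a timer as well as on each authentication so that lapsed passwords leave the list even when nobody tries them.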

FIG. 15 illustrates a detailed view of a computing device 1500 that can represent the different computing devices of FIG. 1 used to implement the various techniques described herein, according to some embodiments. For example, the detailed view illustrates various components that can be included in the computing devices (e.g., 102-1 through 102-N) described in conjunction with FIG. 1. As illustrated in FIG. 15, the computing device 1500 can include a processor 1502 that represents a microprocessor or controller for controlling the overall operation of the computing device 1500. The computing device 1500 can also include a user input device 1508 that allows a user of the computing device 1500 to interact with the computing device 1500. For example, the user input device 1508 can take a variety of forms, such as a button, keypad, dial, touch screen, audio input interface, visual/image capture input interface, input in the form of sensor data, and so on. Still further, the computing device 1500 can include a display 1510 that can be controlled by the processor 1502 (e.g., via a graphics component) to display information to the user. A data bus 1516 can facilitate data transfer between at least a storage device 1540, the processor 1502, and a controller 1513. The controller 1513 can be used to interface with and control different equipment through an equipment control bus 1514. The computing device 1500 can also include a network/bus interface 1511 that couples to a data link 1512. In the case of a wireless connection, the network/bus interface 1511 can include a wireless transceiver.

As noted above, the computing device 1500 also includes the storage device 1540, which can comprise a single disk or a collection of disks (e.g., hard drives). In some embodiments, storage device 1540 can include flash memory, semiconductor (solid state) memory or the like. The computing device 1500 can also include a Random-Access Memory (RAM) 1520 and a Read-Only Memory (ROM) 1522. The ROM 1522 can store programs, utilities or processes to be executed in a non-volatile manner. The RAM 1520 can provide volatile data storage, and stores instructions related to the operation of applications executing on the computing device 1500.

The various aspects, embodiments, implementations or features of the described embodiments can be used separately or in any combination. Various aspects of the described embodiments can be implemented by software, hardware or a combination of hardware and software. The described embodiments can also be embodied as computer readable code on a computer readable medium for controlling manufacturing operations or as computer readable code on a computer readable medium for controlling a manufacturing line. The computer readable medium is any data storage device that can store data which can thereafter be read by a computer system. Examples of the computer readable medium include read-only memory, random-access memory, CD-ROMs, HDDs, DVDs, magnetic tape, and optical data storage devices. The computer readable medium can also be distributed over network-coupled computer systems so that the computer readable code is stored and executed in a distributed fashion.

The foregoing description, for purposes of explanation, used specific nomenclature to provide a thorough understanding of the described embodiments. However, it will be apparent to one skilled in the art that the specific details are not required in order to practice the described embodiments. Thus, the foregoing descriptions of specific embodiments are presented for purposes of illustration and description. They are not intended to be exhaustive or to limit the described embodiments to the precise forms disclosed. It will be apparent to one of ordinary skill in the art that many modifications and variations are possible in view of the above teachings.

What is claimed is:
1. A method for enabling a nearby computing device to access a wireless hotspot provided by a computing device, the method comprising, at the computing device: receiving a cryptographic request from the nearby computing device to access the wireless hotspot, wherein the cryptographic request includes user information associated with the nearby computing device; determining, based on the cryptographic request, that the nearby computing device satisfies a proximity threshold relative to the computing device; determining that the nearby computing device is recognized by the computing device by identifying the user information included in the cryptographic request; receiving an approval for the nearby computing device to access the wireless hotspot; and providing, to the nearby computing device, a password for accessing the wireless hotspot.
2. The method of claim 1, wherein: the cryptographic request is associated with a Received Signal Strength Indication (RSSI) that is established by a wireless communications component of the computing device, and the proximity threshold is satisfied when the RSSI is greater than or equal to a predetermined value.
3. The method of claim 1, further comprising, prior to receiving the approval: presenting a notification that the nearby computing device is requesting to access the wireless hotspot, wherein the approval corresponds to a selection provided by way of a user interface in which the notification is displayed.
4. The method of claim 1, wherein the password is in a format that renders the nearby computing device incapable of accessing the wireless hotspot after a threshold period of time is satisfied.
5. The method of claim 4, wherein the password comprises a pre-shared key (PSK) for a WiFi Protected Access (WPA) network or a WiFi Protected Access II (WPA2) network.
6. The method of claim 1, wherein identifying the user information comprises: comparing the user information to prior user information provided by the nearby computing device that is stored at the computing device.
7. The method of claim 1, wherein the method further comprises, prior to providing password to the nearby computing device: establishing a secure communication link with the nearby computing device to enable the computing device to provide the password to the nearby computing device in a secure manner.
8. A non-transitory computer readable storage medium configured to store instructions that, when executed by at least one processor included in a computing device, cause the computing device to enable a nearby computing device to access a wireless hotspot provided by the computing device, by carrying out steps that include: receiving a cryptographic request from the nearby computing device to access the wireless hotspot, wherein the cryptographic request includes user information associated with the nearby computing device; determining, based on the cryptographic request, that the nearby computing device satisfies a proximity threshold relative to the computing device; determining that the nearby computing device is recognized by the computing device by identifying the user information included in the cryptographic request; receiving an approval for the nearby computing device to access the wireless hotspot; and providing, to the nearby computing device, a password for accessing the wireless hotspot.
9. The non-transitory computer readable storage medium of claim 8, wherein: the cryptographic request is associated with a Received Signal Strength Indication (RSSI) that is established by a wireless communications component of the computing device, and the proximity threshold is satisfied when the RSSI is greater than or equal to a predetermined value.
10. The non-transitory computer readable storage medium of claim 8, wherein the steps further include, prior to receiving the approval: presenting a notification that the nearby computing device is requesting to access the wireless hotspot, wherein the approval corresponds to a selection provided by way of a user interface in which the notification is displayed.
11. The non-transitory computer readable storage medium of claim 8, wherein the password is in a format that renders the nearby computing device incapable of accessing the wireless hotspot after a threshold period of time is satisfied.
12. The non-transitory computer readable storage medium of claim 11, wherein the password comprises a pre-shared key (PSK) for a WiFi Protected Access (WPA) network or a WiFi Protected Access II (WPA2) network.
13. The non-transitory computer readable storage medium of claim 8, wherein identifying the user information comprises: comparing the user information to prior user information provided by the nearby computing device that is stored at the computing device.
14. The non-transitory computer readable storage medium of claim 8, wherein the method further comprises, prior to providing password to the nearby computing device: establishing a secure communication link with the nearby computing device to enable the computing device to provide the password to the nearby computing device in a secure manner.
15. A computing device configured to enable a nearby computing device to access a wireless hotspot provided by the computing device, the computing device comprising: at least one processor; and at least one memory storing instructions that, when executed by the at least one processor, cause the computing device to carry out steps that include: receiving a cryptographic request from the nearby computing device to access the wireless hotspot, wherein the cryptographic request includes user information associated with the nearby computing device; determining, based on the cryptographic request, that the nearby computing device satisfies a proximity threshold relative to the computing device; determining that the nearby computing device is recognized by the computing device by identifying the user information included in the cryptographic request; receiving an approval for the nearby computing device to access the wireless hotspot; and providing, to the nearby computing device, a password for accessing the wireless hotspot.
16. The computing device of claim 15, wherein: the cryptographic request is associated with a Received Signal Strength Indication (RSSI) that is established by a wireless communications component of the computing device, and the proximity threshold is satisfied when the RSSI is greater than or equal to a predetermined value.
17. The computing device of claim 15, wherein the steps further include, prior to receiving the approval: presenting a notification that the nearby computing device is requesting to access the wireless hotspot, wherein the approval corresponds to a selection provided by way of a user interface in which the notification is displayed.
18. The computing device of claim 15, wherein the password is in a format that renders the nearby computing device incapable of accessing the wireless hotspot after a threshold period of time is satisfied.
19. The computing device of claim 18, wherein the password comprises a pre-shared key (PSK) for a WiFi Protected Access (WPA) network or a WiFi Protected Access II (WPA2) network.
20. The computing device of claim 15, wherein identifying the user information comprises: comparing the user information to prior user information provided by the nearby computing device that is stored at the computing device.